CVE-2026-33580
OpenClaw prior to 2026.3.28 has a missing rate limiting vulnerability in Nextcloud Talk webhook authentication, allowing attackers who can reach the webhook endpoint to brute-force a weak shared secret and forge inbound webhook events. Affected component referenced in advisories is extensions/nex...