5 matches found

EUVD
added 2026/03/05 9:59 p.m. | 6 views

EUVD-2026-9921

OpenClaw versions prior to 2026.2.13 use non-constant-time string comparison for hook token validation, allowing attackers to infer tokens through timing measurements. Remote attackers with network access to the hooks endpoint can exploit timing side-channels across multiple requests to gradually...

CVSS 6.3 | AI score 5.9 | EPSS 0.00284
Exploits: 0 | References: 3
CVE
added 2026/03/05 9:59 p.m. | 18 views

CVE-2026-28475

OpenClaw is affected in versions before 2026.2.13 where hook token validation uses non-constant-time string comparison, enabling remote attackers to infer tokens via timing side-channels across multiple requests. This can gradually compromise authentication tokens, impacting confidentiality and i...

CVSS 6.3 | AI score 5.9 | EPSS 0.00284
Exploits: 0 | References: 3 | Affected Software: 1
EUVD
added 2026/03/05 9:59 p.m. | 4 views

EUVD-2026-9910

OpenClaw versions prior to 2026.2.12 use non-constant-time string comparison for hook token validation, allowing attackers to infer tokens through timing measurements. Remote attackers with network access to the hooks endpoint can exploit timing side-channels across multiple requests to gradually...

CVSS 9.8 | AI score 5.9 | EPSS 0.00386
Exploits: 0 | References: 3
CNNVD
added 2026/03/05 12:0 a.m. | 5 views

OpenClaw Security Vulnerability

OpenClaw is an AI assistant open-sourced by OpenClaw. OpenClaw has a security vulnerability that stems from the use of non-constant-time string comparison for hook token validation, which an attacker can exploit to infer a token via a timing side channel...

CVSS 8.2 | AI score 5.8 | EPSS 0.00386
Exploits: 0 | References: 3
Positive Technologies
added 2026/03/02 12:0 a.m. | 9 views

PT-2026-23550

Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.2.13. Description: The software uses non-constant-time string comparison for hook token validation, potentially allowing attackers to infer tokens through timing measurements. Remote attackers with network access ...

CVSS 6.3 | AI score 5.7 | EPSS 0.00284
Exploits: 0 | References: 8