2 matches found
CVE-2026-34508
OpenClaw is affected by a pre-authentication rate-limiting bypass in versions before 2026.3.12. The vulnerability causes rate limits to kick in only after webhook authentication, enabling attackers to brute-force webhook secrets without triggering 429 responses. As a result, attackers can repeate...
CVE-2026-34505
OpenClaw before 2026.3.12 has a rate-limiting flaw: limits are applied only after successful webhook authentication, allowing attackers to bypass rate limits by repeatedly submitting authentication requests with invalid secrets. This enables systematic guessing of webhook secrets and could lead t...