3 matches found
GHSA-CXFR-3QP8-HPMW Duplicate Advisory: OpenClaw: Zalo webhook rate limiting could be bypassed before secret validation
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-5m9r-p9g7-679c. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.12 applies rate limiting only after successful webhook authentication, allowing attackers to...
CVE-2026-34505
OpenClaw before 2026.3.12 has a rate-limiting flaw: limits are applied only after successful webhook authentication, allowing attackers to bypass rate limits by repeatedly submitting authentication requests with invalid secrets. This enables systematic guessing of webhook secrets and could lead t...
PT-2026-29238
OpenClaw before 2026.3.12 applies rate limiting only after webhook authentication succeeds, allowing attackers to bypass rate limits and brute-force webhook secrets without triggering 429 responses. Attackers can repeatedly guess invalid secrets to discover valid credentials and subsequently subm...