Lucene search
K

4 matches found

ATTACKERKB
ATTACKERKB
added 2026/04/09 9:26 p.m.2 views

CVE-2026-35626

OpenClaw before 2026.3.22 contains an unauthenticated resource exhaustion vulnerability in voice call webhook handling that buffers request bodies before provider signature checks. Attackers can send large or malicious webhook requests to exhaust server resources without authentication by bypassi...

6.9CVSS5.9AI score0.00494EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/04/09 9:26 p.m.2 views

CVE-2026-35626 OpenClaw < 2026.3.22 - Unauthenticated Resource Exhaustion via Voice Call Webhook

OpenClaw before 2026.3.22 contains an unauthenticated resource exhaustion vulnerability in voice call webhook handling that buffers request bodies before provider signature checks. Attackers can send large or malicious webhook requests to exhaust server resources without authentication by bypassi...

6.9CVSS5.8AI score0.00494EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/03/26 7:50 p.m.6 views

OpenClaw is vulnerable to unauthenticated resource exhaustion through its voice call webhook handling

Summary Voice Call webhook handling buffered request bodies before provider signature checks, enabling bounded unauthenticated resource exhaustion. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.3.22 - Latest released tag checked: v2026.3.23-2...

6.9CVSS5.8AI score0.00494EPSS
Exploits0References6Affected Software1
Snyk
Snyk
added 2026/03/03 10:25 p.m.4 views

Replay Attack

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Replay Attack via the voice-call webhook process. An attacker can cause replayed webhook events to be accepted as new by modifying the i-twilio-idempotency-token header in a signed reques...

6.3CVSS5.8AI score
Exploits0References2
Rows per page
Query Builder