10 matches found
Missing Authentication for Critical Function
Overview symfony/lox24-notifier is a Symfony LOX24 Notifier Bridge Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the doParse webhook request parsers in the Mailjet maile bridge and LOX24 SMS notifier bridge. An attacker can submit forged...
CVE-2026-41405
CVE-2026-41405 affects OpenClaw = 2026.3.31 to mitigate. The reports do not indicate exploitation details beyond remote resource exhaustion via crafted payloads.
CVE-2026-35640 OpenClaw < 2026.3.25 - Denial of Service via Unauthenticated Webhook Request Parsing
OpenClaw before 2026.3.25 parses JSON request bodies before validating webhook signatures, allowing unauthenticated attackers to force resource-intensive parsing operations. Remote attackers can send malicious webhook requests to trigger denial of service by exhausting server resources through...
CVE-2026-35640 OpenClaw < 2026.3.25 - Denial of Service via Unauthenticated Webhook Request Parsing
OpenClaw before 2026.3.25 parses JSON request bodies before validating webhook signatures, allowing unauthenticated attackers to force resource-intensive parsing operations. Remote attackers can send malicious webhook requests to trigger denial of service by exhausting server resources through...
EUVD-2026-18464
NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. Prior to version 0.24.10, in NanoMQ's webhookinproc.c, the hookworkcb function processes nng messages by parsing the message body with cJSONParsebody. The body is obtained from nngmsgbodymsg, which is a binary buffer without a...
OpenClaw Denial of Service Vulnerability (CNVD-2026-14825)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a denial of service vulnerability that stems from its BlueBubbles and Google Chat webhook handlers parsing request bodies before performing authentication and signature verification. An attacker could...
CVE-2026-32011 OpenClaw < 2026.3.2 - Slow-Request Denial of Service via Pre-Auth Webhook Body Parsing
OpenClaw versions prior to 2026.3.2 contain a denial of service vulnerability in webhook handlers for BlueBubbles and Google Chat that parse request bodies before performing authentication and signature validation. Unauthenticated attackers can exploit this by sending slow or oversized request...
GHSA-X4VP-4235-65HG OpenClaw has pre-auth webhook body parsing that can enable unauthenticated slow-request DoS
Impact OpenClaw webhook handlers for BlueBubbles and Google Chat accepted and parsed request bodies before authentication and signature checks on vulnerable releases. This allowed unauthenticated clients to hold parser work open with slow/oversized request bodies and degrade availability...
OpenClaw has pre-auth webhook body parsing that can enable unauthenticated slow-request DoS
Impact OpenClaw webhook handlers for BlueBubbles and Google Chat accepted and parsed request bodies before authentication and signature checks on vulnerable releases. This allowed unauthenticated clients to hold parser work open with slow/oversized request bodies and degrade availability...
Allocation of Resources Without Limits or Throttling
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the webhook request body parsing. An attacker can degrade service availability by sending slow or oversized unauthenticated reques...