Somet2Mes

**Name of the Vulnerable Software and Affected Versions** OpenClaw versions prior to 2026.3.1 **Description** OpenClaw contains a memory growth issue in the Zalo webhook endpoint. Unauthenticated attackers can cause memory accumulation by manipulating query strings. Repeated requests with varying query parameters can lead to memory pressure, process instability, or out-of-memory conditions, potentially impacting service availability. The affected API endpoint is the Zalo webhook. Attackers exploit this by sending requests with different query parameters to the Zalo webhook endpoint. The `query strings` are the vulnerable parameters. **Recommendations** Update OpenClaw to version 2026.3.1 or later.

**Name of the Vulnerable Software and Affected Versions** OpenClaw versions prior to 2026.3.1 **Description** The software contains a memory growth issue in the Zalo webhook endpoint. Unauthenticated attackers can cause memory exhaustion by sending repeated requests with different query strings to the same webhook route. This leads to unbounded in-memory key accumulation, resulting in memory pressure and potential process instability. The API endpoint affected is the Zalo webhook endpoint. The vulnerability is triggered by varying query strings (`query strings`) sent to the endpoint. **Recommendations** Update to version 2026.3.1 or later.