PT-2026-26226 · Openclaw · Openclaw

Migraine

Publicado

2026-03-02

Atualizado

2026-03-21

CVE-2026-28461

CVSS v2.0

7.8

Alta

Vetor

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.1

Description OpenClaw contains a memory growth issue in the Zalo webhook endpoint. Unauthenticated attackers can cause memory accumulation by manipulating query strings. Repeated requests with varying query parameters can lead to memory pressure, process instability, or out-of-memory conditions, potentially impacting service availability. The affected API endpoint is the Zalo webhook. Attackers exploit this by sending requests with different query parameters to the Zalo webhook endpoint. The query strings are the vulnerable parameters.

Recommendations Update OpenClaw to version 2026.3.1 or later.

Correção

Allocation of Resources Without Limits

Resource Exhaustion

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-770CWE-400

Identificadores relacionados

BDU:2026-05017

CVE-2026-28461

GHSA-WR6M-JG37-68XH

Produtos afetados

Openclaw

PT-2026-26226 · Openclaw · Openclaw

CVE-2026-28461

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 12