PT-2026-27228 · Openclaw · Openclaw

Migraine

Publicado

2026-03-02

Atualizado

2026-03-24

CVE-2026-32066

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.1

Description The software contains a memory growth issue in the Zalo webhook endpoint. Unauthenticated attackers can cause memory exhaustion by sending repeated requests with different query strings to the same webhook route. This leads to unbounded in-memory key accumulation, resulting in memory pressure and potential process instability. The API endpoint affected is the Zalo webhook endpoint. The vulnerability is triggered by varying query strings (query strings) sent to the endpoint.

Recommendations Update to version 2026.3.1 or later.

Correção

Allocation of Resources Without Limits

Resource Exhaustion

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-770CWE-400

Identificadores relacionados

CVE-2026-32066

GHSA-WR6M-JG37-68XH

Produtos afetados

Openclaw

PT-2026-27228 · Openclaw · Openclaw

CVE-2026-32066

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6