PT-2026-28459 · Openclaw · Openclaw
Space08
·
Publicado
2026-03-16
·
Atualizado
2026-03-29
·
CVE-2026-32980
CVSS v3.1
7.5
Alta
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
OpenClaw versions prior to 2026.3.13
Description
The software reads and buffers Telegram webhook request bodies before validating the
x-telegram-bot-api-secret-token header. This allows unauthenticated attackers to exhaust server resources by sending POST requests to the webhook endpoint. Attackers can force memory consumption, socket time, and JSON parsing work before authentication validation occurs. The affected API endpoint is the Telegram webhook endpoint.Recommendations
Update to version 2026.3.13 or later.
Correção
Allocation of Resources Without Limits
Resource Exhaustion
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Openclaw