
Abeyron

#50174 of 53,632
4.8 Total CVSS
Vulnerabilities · 1
PT-2026-23550
4.8
2026-02-13
Openclaw · Openclaw · CVE-2026-28475
**Name of the Vulnerable Software and Affected Versions**
OpenClaw versions prior to 2026.2.13

**Description**
The software validates hook tokens with a non-constant-time string comparison, so the time a request takes to be rejected depends on how many leading characters of the presented token match the real one. A remote attacker with network access to the hooks endpoint can measure response times across many requests and recover the authentication token one character at a time. Real-world latency and jitter make the measurement noisy, and exploitation requires both that the hooks endpoint be reachable from an untrusted network and a large number of requests.

**Recommendations**
Upgrade to OpenClaw version 2026.2.13 or later. If an immediate upgrade is not possible, restrict network access to the hooks endpoint, and rotate the hooks token after updating, since a token that was exposed while the endpoint was reachable may already have been recovered.