PT-2026-29238 · Openclaw · Openclaw

Peng Zhou · Published 2026-03-31 · Updated 2026-03-31

CVE-2026-34508

CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
OpenClaw versions prior to 2026.3.12

Description
OpenClaw applies rate limiting to its Zalo webhook endpoint only after the request's secret has been verified. A request that presents a wrong secret is rejected, but it is never counted against the limit, so an attacker can submit an unbounded number of guesses from the same source without ever receiving a 429 response. Once a guess matches, the attacker holds the webhook secret and can submit forged Zalo webhook traffic that the endpoint accepts as genuine. The affected component is the webhook authentication check.

Recommendations
Update to version 2026.3.12 or later.
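The ordering problem the description identifies, shown as an added TypeScript example rather than OpenClaw's own code: the limiter class, the handler names, the sample secret and the request shape are all constructed for illustration. The two handlers differ only in whether the rate-limit check runs before or after the secret check, and a small driver counts how many wrong-secret guesses from one source each version throttles.

```typescript
import { timingSafeEqual } from "crypto";

// Constructed sample secret for the demo; a real deployment loads it from
// configuration. The name is ours, not OpenClaw's.
const WEBHOOK_SECRET = "zalo-webhook-secret-example";

interface WebhookRequest {
  ip: string;      // source address used as the rate-limit key
  secret?: string; // secret presented by the caller, if any
  body: string;    // webhook payload, carried along but not inspected here
}

type Status = 200 | 401 | 429;
type Handler = (req: WebhookRequest, limiter: RateLimiter, now: number) => Status;

// Minimal fixed-window counter keyed by caller IP. Hypothetical: the advisory
// does not show OpenClaw's limiter; any limiter works if consulted in the
// right place.
class RateLimiter {
  private readonly limit: number;
  private readonly windowMs: number;
  private readonly hits = new Map<string, { count: number; windowStart: number }>();

  constructor(limit: number, windowMs: number) {
    this.limit = limit;
    this.windowMs = windowMs;
  }

  // Records one attempt for `key` at time `now`; true while within budget.
  allow(key: string, now: number): boolean {
    const entry = this.hits.get(key);
    if (entry === undefined || now - entry.windowStart >= this.windowMs) {
      this.hits.set(key, { count: 1, windowStart: now });
      return true;
    }
    entry.count += 1;
    return entry.count <= this.limit;
  }
}

// Constant-time comparison so response timing does not reveal how many
// leading bytes of a guess were correct.
function secretMatches(presented: string | undefined, expected: string): boolean {
  if (presented === undefined) return false;
  const a = Buffer.from(presented, "utf8");
  const b = Buffer.from(expected, "utf8");
  if (a.length !== b.length) return false;
  return timingSafeEqual(a, b);
}

// Vulnerable ordering (the pattern the advisory describes): the limiter is
// consulted only after authentication succeeds, so a caller who always sends
// a wrong secret is never counted and never sees a 429.
const handleVulnerable: Handler = (req, limiter, now) => {
  if (!secretMatches(req.secret, WEBHOOK_SECRET)) return 401;
  if (!limiter.allow(req.ip, now)) return 429;
  return 200;
};

// Hardened ordering: every request is counted before the secret is checked,
// so wrong guesses consume the same budget as valid traffic.
const handleFixed: Handler = (req, limiter, now) => {
  if (!limiter.allow(req.ip, now)) return 429;
  if (!secretMatches(req.secret, WEBHOOK_SECRET)) return 401;
  return 200;
};

// Simulates a single-source brute-force: `attempts` requests with distinct
// wrong secrets from one IP inside one window, against `limit` per window.
function bruteForce(handler: Handler, attempts: number, limit: number): { unauthorized: number; throttled: number } {
  const limiter = new RateLimiter(limit, 60_000);
  let unauthorized = 0;
  let throttled = 0;
  for (let i = 0; i < attempts; i++) {
    const status = handler({ ip: "203.0.113.7", secret: `guess-${i}`, body: "{}" }, limiter, 1_000 + i);
    if (status === 401) unauthorized += 1;
    else if (status === 429) throttled += 1;
  }
  return { unauthorized, throttled };
}

// A legitimate caller with the right secret still gets through on a fresh limiter.
function legitimateCall(handler: Handler): Status {
  return handler({ ip: "198.51.100.2", secret: WEBHOOK_SECRET, body: "{}" }, new RateLimiter(10, 60_000), 1_000);
}
```

With a budget of 10 per window and 50 wrong guesses, the vulnerable handler answers 401 fifty times and 429 never; the hardened one answers 401 ten times and 429 forty times, which is the signal the advisory says was missing. A per-source key is only a starting point: a brute-force spread across many source addresses still slips under a per-IP limit, so a global cap on failed authentications for the endpoint, and a secret long enough that the keyspace cannot be enumerated, are the defences that hold. The constant-time comparison is a choice of this example, not something the advisory states about OpenClaw.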

Weakness Enumeration

Improper Restriction of Excessive Authentication Attempts

Related Identifiers

CVE-2026-34508
GHSA-8288-JPQP-95FX

Affected Products

Openclaw