CVE-2026-41343

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.31

Description The public LINE webhook path lacks a shared pre-authentication concurrency budget. This allows remote attackers to flood the webhook endpoint with concurrent requests before signature verification occurs, leading to resource exhaustion and transient loss of service availability.

Recommendations Update to version 2026.3.31.

Fix

Allocation of Resources Without Limits

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-770CWE-799

Related Identifiers

CVE-2026-41343

GHSA-2HV5-4H3G-4HJV

GHSA-QCC3-JQWP-5VH2

Affected Products

Openclaw

CVE-2026-41343

Weakness Enumeration

Related Identifiers

Affected Products

References · 9