Vulnerabilities

CVE-2026-35640

by Fred · 09/04/2026

OpenClaw before 2026.3.25 parses JSON request bodies before validating webhook signatures, allowing unauthenticated attackers to force resource-intensive parsing operations. Remote attackers can send malicious webhook requests to trigger denial of service by exhausting server resources through forced JSON parsing before signature rejection.

More information : https://github.com/openclaw/openclaw/commit/5e8cb22176e9235e224be0bc530699261eb60e53

Similar

Tags: Cybersecurity Alert