CVE-2026-41399
OpenClaw before 2026.3.28 accepts unbounded concurrent unauthenticated WebSocket upgrades without pre-authentication budget allocation. Unauthenticated network attackers can exhaust socket and worker capacity to disrupt WebSocket availability for legitimate clients.
More information: https://github.com/openclaw/openclaw/security/advisories/GHSA-f44p-c7w9-7xr7
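
One way to implement the kind of pre-authentication budget the description says was missing, as an added example that is not OpenClaw's code or its actual fix: cap concurrent unauthenticated sockets globally and per source address, and expire slots that never finish authenticating. The class name, method names and limits are hypothetical.

```javascript
// Added example: pre-authentication connection budget (not OpenClaw code).
// All limits are hypothetical; size them to real socket and worker capacity.
class PreAuthBudget {
  constructor({ maxTotal = 64, maxPerIp = 4, handshakeMs = 5000 } = {}) {
    this.maxTotal = maxTotal;       // cap on all unauthenticated sockets
    this.maxPerIp = maxPerIp;       // cap per source address
    this.handshakeMs = handshakeMs; // time allowed to authenticate
    this.pending = new Map();       // ticket id -> { ip, deadline }
    this.perIp = new Map();         // ip -> pending count
    this.nextId = 1;
  }

  // Call before accepting the upgrade. Returns a ticket id, or null when the
  // budget is spent (the caller then rejects the upgrade and closes the socket).
  tryAcquire(ip, now = Date.now()) {
    const used = this.perIp.get(ip) || 0;
    if (this.pending.size >= this.maxTotal || used >= this.maxPerIp) return null;
    const id = this.nextId++;
    this.pending.set(id, { ip, deadline: now + this.handshakeMs });
    this.perIp.set(ip, used + 1);
    return id;
  }

  // Call when the client authenticates or the socket closes. Idempotent.
  release(id) {
    const slot = this.pending.get(id);
    if (!slot) return false;
    this.pending.delete(id);
    const left = this.perIp.get(slot.ip) - 1;
    if (left > 0) this.perIp.set(slot.ip, left);
    else this.perIp.delete(slot.ip);
    return true;
  }

  // Run periodically. Frees slots past their deadline and returns their
  // ticket ids so the caller can close the matching sockets.
  sweep(now = Date.now()) {
    const expired = [];
    for (const [id, slot] of this.pending) {
      if (slot.deadline <= now) expired.push(id);
    }
    expired.forEach((id) => this.release(id));
    return expired;
  }
}
```

Authenticated connections leave the budget through `release`, so the caps only constrain sockets that have not yet proven who they are.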
