LeakyCreds
NewInstant webhook alerts now available ā€” notified within seconds of any credential detection.Learn more ā†’
Home / Vulnerability Intelligence / CVE-2026-34505

CVE-2026-34505 - Vulnerability Analysis

CriticalCVSS: 9.8

Last Updated: March 31, 2026

OpenClaw - Authentication Bypass

Published: March 31, 2026Updated: March 31, 2026Remote Exploitable

Overview

OpenClaw before 2026.3.12 contains a broken authentication caused by rate limiting applied only after successful webhook authentication, letting attackers bypass rate limits and brute-force webhook secrets, exploit requires unauthenticated requests with invalid secrets.

Severity & Score

Severity: Critical
CVSS Score: 9.8
EPSS Score: 6.3%(Probability of exploitation in next 30 days)

Impact

Attackers can brute-force webhook secrets, potentially allowing unauthorized webhook submissions and system manipulation.

Mitigation

Update to version 2026.3.12 or later.

References

Social Media Activity(4 posts)

TheHackerWire
TheHackerWire
@thehackerwire
Mar 31, 2026

šŸ”“ CVE-2026-34505 - Critical (9.8) OpenClaw before 2026.3.12 applies rate limiting only after successful webhook authentication, allowing attackers to bypass rate limits and brute-force webhook secrets. Attackers can submit repeated authentication requests with invalid secrets with... šŸ”— https://www.thehackerwire.com/vulnerability/CVE-2026-34505/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post
TheHackerWire
TheHackerWire
@thehackerwire
Mar 31, 2026

šŸ”“ CVE-2026-34505 - Critical (9.8) OpenClaw before 2026.3.12 applies rate limiting only after successful webhook authentication, allowing attackers to bypass rate limits and brute-force webhook secrets. Attackers can submit repeated authentication requests with invalid secrets with... šŸ”— https://www.thehackerwire.com/vulnerability/CVE-2026-34505/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post
TheHackerWire
TheHackerWire
@thehackerwire
Mar 31, 2026

šŸ”“ CVE-2026-34505 - Critical (9.8) OpenClaw before 2026.3.12 applies rate limiting only after successful webhook authentication, allowing attackers to bypass rate limits and brute-force webhook secrets. Attackers can submit repeated authentication requests with invalid secrets with... šŸ”— https://www.thehackerwire.com/vulnerability/CVE-2026-34505/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post
TheHackerWire
TheHackerWire
@thehackerwire
Mar 31, 2026

šŸ”“ CVE-2026-34505 - Critical (9.8) OpenClaw before 2026.3.12 applies rate limiting only after successful webhook authentication, allowing attackers to bypass rate limits and brute-force webhook secrets. Attackers can submit repeated authentication requests with invalid secrets with... šŸ”— https://www.thehackerwire.com/vulnerability/CVE-2026-34505/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID
CVE-2026-34505
Severity
Critical
CVSS Score
9.8
Type
broken_authentication
Status
new
EPSS
6.3%
Social Posts
4

CWE

  • CWE-307

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

6.3%Probability of exploitation in the next 30 days