LeakyCreds

CVE-2026-35665 - Vulnerability Analysis

Medium | CVSS: 5.3

Last Updated: April 13, 2026

OpenClaw - Denial of Service

Published: April 10, 2026 | Updated: April 13, 2026 | PoC Available | Remote Exploitable

Overview

OpenClaw before 2026.3.24 is vulnerable to denial of service: the Feishu webhook handler applies permissive request body size and timeout limits before signature verification, letting unauthenticated attackers exhaust server connection resources via slow HTTP POST requests.
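
The defensive ordering implied by the overview, bounding an unauthenticated body in both size and time before its signature is verified, shown as an added Node.js example that is not OpenClaw's code. The names `PreAuthBodyBudget`, `guardWebhook` and `verifyAndHandle`, the limit values a caller passes in, and the use of Node.js itself are assumptions made for illustration.

```javascript
// Added example; all names are hypothetical, not OpenClaw's code.
// Tracks the size and time budget of an unauthenticated webhook body.
class PreAuthBodyBudget {
  constructor({ maxBytes, deadlineMs, startMs }) {
    this.maxBytes = maxBytes;
    this.deadlineAt = startMs + deadlineMs; // absolute deadline, not per-chunk idle time
    this.received = 0;
  }
  // Verdict for each chunk: "ok", "too_large" or "too_slow".
  onData(byteLength, nowMs) {
    if (nowMs > this.deadlineAt) return "too_slow";
    this.received += byteLength;
    return this.received > this.maxBytes ? "too_large" : "ok";
  }
}

// Applies the budget to a Node.js request before any signature check runs.
// verifyAndHandle(rawBody) stands for the caller's signature verification and handler.
function guardWebhook(req, res, limits, verifyAndHandle) {
  const budget = new PreAuthBodyBudget({ ...limits, startMs: Date.now() });
  const chunks = [];
  let done = false;
  let timer = null;
  const finish = () => { done = true; clearTimeout(timer); };
  const reject = (status) => {
    if (done) return;
    finish();
    res.writeHead(status, { Connection: "close" }); // socket is closed after the reply
    res.end();
  };
  // Reject on the declared size before reading anything.
  if (Number(req.headers["content-length"]) > limits.maxBytes) return reject(413);
  timer = setTimeout(() => reject(408), limits.deadlineMs); // fires even if no data arrives
  req.on("data", (chunk) => {
    if (done) return;
    const verdict = budget.onData(chunk.length, Date.now());
    if (verdict === "too_large") return reject(413);
    if (verdict === "too_slow") return reject(408);
    chunks.push(chunk);
  });
  req.on("end", () => {
    if (done) return;
    finish();
    verifyAndHandle(Buffer.concat(chunks)); // signature is checked only on a bounded body
  });
  req.on("close", () => clearTimeout(timer)); // sender went away; nothing left to bound
}
```

Node's own `server.headersTimeout` and `server.requestTimeout` settings apply server-wide; a per-route budget like this lets the pre-authentication path be stricter than the rest of the server.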

Severity & Score

Severity: Medium
CVSS Score: 5.3

Impact

Unauthenticated attackers can exhaust server resources, causing denial of service and blocking legitimate webhook deliveries.

Mitigation

Update to version 2026.3.24 or later.

Details

CVE ID: CVE-2026-35665
Severity: Medium
CVSS Score: 5.3
Type: denial_of_service
Status: confirmed

CWE

  • CWE-405

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L