OpenClaw Webhook Rate Limit Bypass Vulnerability (CVE-2026-34505)
OpenClaw before 2026.3.12 applies rate limiting only after successful webhook authentication, allowing attackers to bypass rate limits and brute-force webhook secrets leading to forged webhook submission.
OpenClaw versions prior to 2026.3.12 are vulnerable to a rate-limiting bypass (CVE-2026-34505). The vulnerability exists because rate limiting is only applied after successful webhook authentication. This design flaw enables attackers to send numerous authentication requests with incorrect secrets without triggering rate limits. The vulnerability was reported on March 31, 2026. Successful exploitation allows attackers to systematically guess webhook secrets and subsequently submit forged…
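The ordering flaw described above, shown as an added example that is not OpenClaw's code: a minimal webhook handler in which the rate limiter is consulted only after the secret check succeeds, beside the corrected ordering in which every request consumes rate-limit budget before the secret is compared. The handler shape, the request dictionary, the per-source window (5 attempts per 60 seconds) and the secret value are all assumptions made for the illustration; the secret comparison uses a constant-time compare so the check itself does not leak timing.

```python
"""Rate-limit ordering for a webhook endpoint (added example, not OpenClaw code)."""
import hmac
import time
from collections import defaultdict, deque

WINDOW_SECONDS = 60     # assumed window
MAX_ATTEMPTS = 5        # assumed per-source budget inside the window


class RateLimiter:
    """Sliding-window counter keyed by source address (assumed key choice)."""

    def __init__(self, max_attempts=MAX_ATTEMPTS, window=WINDOW_SECONDS):
        self.max_attempts = max_attempts
        self.window = window
        self.events = defaultdict(deque)

    def allow(self, key, now):
        """Record one attempt for key; return False once the budget is exhausted."""
        q = self.events[key]
        while q and now - q[0] > self.window:
            q.popleft()
        if len(q) >= self.max_attempts:
            return False
        q.append(now)
        return True


def check_secret(presented, expected):
    """Constant-time comparison of the presented webhook secret."""
    return hmac.compare_digest(presented.encode(), expected.encode())


def handle_webhook_vulnerable(limiter, secret, request, now):
    """Vulnerable ordering: the limiter is only touched after authentication
    succeeds, so failed guesses never consume any budget."""
    if not check_secret(request["secret"], secret):
        return 401
    if not limiter.allow(request["ip"], now):
        return 429
    return 200


def handle_webhook_fixed(limiter, secret, request, now):
    """Fixed ordering: every request, authenticated or not, consumes budget
    before the secret is examined."""
    if not limiter.allow(request["ip"], now):
        return 429
    if not check_secret(request["secret"], secret):
        return 401
    return 200


def simulate(handler, attempts):
    """Feed `attempts` requests with wrong secrets from one source, one per
    second, and return the status codes the handler produced."""
    limiter = RateLimiter()
    secret = "correct-secret"            # constructed value
    statuses = []
    for i in range(attempts):
        req = {"ip": "203.0.113.7", "secret": f"wrong-{i}"}   # constructed request
        statuses.append(handler(limiter, secret, req, now=float(i)))
    return statuses


if __name__ == "__main__":
    print("vulnerable:", simulate(handle_webhook_vulnerable, 20))
    print("fixed:     ", simulate(handle_webhook_fixed, 20))
```

With the vulnerable ordering the 429 never appears no matter how many wrong secrets arrive; with the fixed ordering the source is cut off after its fifth attempt in the window, which is the behaviour the 2026.3.12 fix restores. A production limiter should also key on something harder to rotate than a single source address and should count failures regardless of which check rejected the request.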
Detection coverage (2 rules)

Detect Excessive Webhook Authentication Failures (severity: high)
Detects excessive failed authentication attempts to webhook endpoints, potentially indicating a brute-force attack against OpenClaw (CVE-2026-34505).

Detect Successful Webhook Authentication Followed by Data Submission (severity: medium)
Detects a successful webhook authentication (200 OK) followed shortly by a data submission (200 OK or 204 No Content) to the same webhook endpoint, potentially indicating a malicious webhook submission after a successful brute-force (CVE-2026-34505).
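Both detection rules above, implemented over constructed access-log lines as an added example (this is not the platform's rule code, whose queries are not shown on the page). The log format, the `/webhooks/` path prefix, the thresholds (10 failures in 5 minutes; a follow-up submission within 30 seconds) and the correlation that raises the second rule to high severity when the first has already fired for the same source and path are all assumptions made here.

```python
"""Webhook brute-force and post-success submission detections (added example)."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed log format (constructed): "<ISO-8601 UTC> <src ip> <method> <path> <status>"
LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<ip>\S+) (?P<method>[A-Z]+) (?P<path>\S+) (?P<status>\d{3})$")
WEBHOOK_PREFIX = "/webhooks/"   # assumed endpoint prefix


def parse_line(line):
    """Return a dict for one log line, or None if it does not match the format."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
        "ip": m["ip"],
        "path": m["path"],
        "status": int(m["status"]),
    }


def webhook_events(lines):
    """Parse lines and keep only requests to webhook endpoints, in time order."""
    events = [e for e in map(parse_line, lines) if e and e["path"].startswith(WEBHOOK_PREFIX)]
    return sorted(events, key=lambda e: e["ts"])


def detect_excessive_failures(events, threshold=10, window=timedelta(minutes=5)):
    """Rule 1: at least `threshold` auth failures (401/403) from one source to one
    webhook path inside a sliding window. Fires once when the threshold is crossed."""
    alerts = []
    recent = defaultdict(list)
    for e in events:
        if e["status"] not in (401, 403):
            continue
        key = (e["ip"], e["path"])
        bucket = recent[key]
        bucket.append(e["ts"])
        while e["ts"] - bucket[0] > window:
            bucket.pop(0)
        if len(bucket) == threshold:
            alerts.append({"rule": "excessive_webhook_auth_failures", "severity": "high",
                           "ip": e["ip"], "path": e["path"], "count": len(bucket), "ts": e["ts"]})
    return alerts


def detect_success_then_submission(events, prior_alerts=(), max_gap=timedelta(seconds=30)):
    """Rule 2: a 200 followed within `max_gap` by a 200/204 from the same source to
    the same webhook path. Severity is raised to high when rule 1 already fired for
    that source/path (the correlation is this example's assumption)."""
    brute_forced = {(a["ip"], a["path"]) for a in prior_alerts}
    alerts = []
    last_success = {}
    for e in events:
        key = (e["ip"], e["path"])
        if e["status"] in (200, 204) and key in last_success and e["ts"] - last_success[key] <= max_gap:
            alerts.append({"rule": "webhook_auth_success_then_submission",
                           "severity": "high" if key in brute_forced else "medium",
                           "ip": e["ip"], "path": e["path"], "ts": e["ts"]})
            del last_success[key]          # one alert per success/submission pair
        elif e["status"] == 200:
            last_success[key] = e["ts"]
    return alerts


def build_sample_log():
    """Constructed log: benign traffic, then 12 failed attempts from one source
    followed by a 200 and a 204 to the same endpoint."""
    lines = [
        "2026-03-31T10:00:00Z 198.51.100.4 POST /webhooks/ci 401",
        "2026-03-31T10:00:02Z 198.51.100.4 POST /webhooks/ci 200",
        "2026-03-31T10:00:05Z 203.0.113.7 GET /healthz 200",
    ]
    lines += [f"2026-03-31T10:01:{i:02d}Z 203.0.113.7 POST /webhooks/deploy 401" for i in range(12)]
    lines += [
        "2026-03-31T10:01:20Z 203.0.113.7 POST /webhooks/deploy 200",
        "2026-03-31T10:01:25Z 203.0.113.7 POST /webhooks/deploy 204",
    ]
    return lines


def run_detections(lines):
    """Run rule 1, then rule 2 with rule 1's alerts as correlation context."""
    events = webhook_events(lines)
    rule1 = detect_excessive_failures(events)
    rule2 = detect_success_then_submission(events, prior_alerts=rule1)
    return rule1 + rule2


if __name__ == "__main__":
    for alert in run_detections(build_sample_log()):
        print(alert)
```

On the constructed log the first rule fires once, at the tenth failure from 203.0.113.7 against /webhooks/deploy, and the second fires once for the 200-then-204 pair from the same source, escalated to high because of the correlation; the single 401 followed by a 200 from 198.51.100.4 produces nothing. Rule 2 on its own is noisy (any two quick successes to the same endpoint match), which is why the page rates it medium and why correlating it with the failure burst is worth doing.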