{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-34505/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":9.8,"id":"CVE-2026-34505"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["rate-limiting","brute-force","webhook","cve-2026-34505"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eOpenClaw versions prior to 2026.3.12 are vulnerable to a rate-limiting bypass (CVE-2026-34505). The vulnerability exists because rate limiting is only applied after successful webhook authentication. This design flaw enables attackers to send numerous authentication requests with incorrect secrets without triggering rate limits. The vulnerability was reported on March 31, 2026. Successful exploitation allows attackers to systematically guess webhook secrets and subsequently submit forged…\u003c/p\u003e\n","date_modified":"2026-03-31T12:16:30Z","date_published":"2026-03-31T12:16:30Z","id":"/briefs/2026-03-openclaw-rate-limit-bypass/","summary":"OpenClaw before 2026.3.12 applies rate limiting only after successful webhook authentication, allowing attackers to bypass rate limits and brute-force webhook secrets leading to forged webhook submission.","title":"OpenClaw Webhook Rate Limit Bypass Vulnerability (CVE-2026-34505)","url":"https://feed.craftedsignal.io/briefs/2026-03-openclaw-rate-limit-bypass/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2026-34505","version":"https://jsonfeed.org/version/1.1"}