Zero Day Monitor (ZDM)
Zero Day Monitor © 2026
CVSS 5.3 · CVE-2026-35665 · PATCHED
Vendor: openclaw · Product: openclaw

OpenClaw < 2026.3.24 - Denial of Service via Feishu Webhook Pre-Auth Body Parsing

Description

A vulnerability classified as problematic has been found in OpenClaw up to 2026.3.23. It affects an unknown function of the Feishu Webhook Endpoint component. Manipulation of the endpoint leads to asymmetric resource consumption. The vulnerability is cataloged as CVE-2026-35665 and can be triggered remotely.

Affected Products

Vendor | Product | Versions
openclaw | openclaw | npm/openclaw: < 2026.3.24

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor | Product | Source | Confidence
open source | openclaw | cert_advisory | 90%

References

  • https://github.com/openclaw/openclaw/security/advisories/GHSA-w6m8-cqvj-pg5v (third-party advisory)
  • https://www.vulncheck.com/advisories/openclaw-denial-of-service-via-feishu-webhook-pre-auth-body-parsing (third-party advisory)

Related News (2 articles)

Tier B · BSI Advisories · 7h ago
[NEW] [high] OpenClaw: Multiple vulnerabilities
→ No new info (linked only)
Tier C · VulDB · 3d ago
CVE-2026-35665 | OpenClaw up to 2026.3.23 Feishu Webhook Endpoint amplification (GHSA-w6m8-cqvj-pg5v)
→ No new info (linked only)
CVSS 3.1: 5.3 MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CISA KEV: No
Actively exploited: No
Patch available: openclaw@2026.3.24
CWE: CWE-400, CWE-405
Published: Apr 10, 2026
Last enriched: 3d ago (v2)
Trending Score: 51
Source articles: 2
Independent: 2
Info Completeness: 9/14
Missing: epss, kev, exploit, iocs, mitre_attack


Related CVEs (5)

HIGH · CVE-2026-25253 · EXP · KEV
OpenClaw (aka clawdbot or Moltbot) before 2026.1.29 obtains a gatewayUrl value from a query string and automatically makes a WebSocket connection without prompting, sending a token value.
Trending: 96
CRITICAL · CVE-2026-35647 · EXP
OpenClaw < 2026.3.25 - Direct Message Policy Bypass via Verification Notices
Trending: 69
CRITICAL · CVE-2026-35663 · EXP
OpenClaw < 2026.3.25 - Privilege Escalation via Backend Reconnect Scope Self-Claim
Trending: 59
CRITICAL · CVE-2026-35669 · EXP
OpenClaw < 2026.3.25 - Privilege Escalation via Gateway Plugin HTTP Authentication Scope
Trending: 59
NONE · CVE-2026-35668 · EXP
OpenClaw < 2026.3.24 - Sandbox Media Root Bypass via Unnormalized mediaUrl and fileUrl Parameters
Trending: 57


Verification

State: unverified
Confidence: 0%

Vulnerability Timeline

CVE Published: Apr 10, 2026
Discovered by ZDM: Apr 10, 2026
Patch Available: Apr 10, 2026
Updated (description, affectedVersions, severity): Apr 10, 2026

Version History

Current version: v2 (last enriched 3d ago)

v2 · Tier C · 3d ago

Updated description with new details, changed affected versions to < 2026.3.23, and updated severity to HIGH.

Changed fields: description, affectedVersions, severity
Source: VulDB

v1 · 3d ago

Initial creation