Vulnerability Details CVE-2026-35665
OpenClaw before 2026.3.24 contains an incomplete fix for CVE-2026-32011 where the Feishu webhook handler accepts request bodies with permissive limits of 1MB and 30-second timeout before signature verification. An unauthenticated attacker can exhaust server connection resources by sending concurrent slow HTTP POST requests to the Feishu webhook endpoint, blocking legitimate webhook deliveries.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 11.8%
CVSS Severity
CVSS v3 Score 5.3
References
Products affected by CVE-2026-35665
-
cpe:2.3:a:openclaw:openclaw:0.1.0
-
cpe:2.3:a:openclaw:openclaw:0.1.1
-
cpe:2.3:a:openclaw:openclaw:0.1.2
-
cpe:2.3:a:openclaw:openclaw:0.1.3
-
cpe:2.3:a:openclaw:openclaw:1.0.4
-
cpe:2.3:a:openclaw:openclaw:1.1.0
-
cpe:2.3:a:openclaw:openclaw:1.2.0
-
cpe:2.3:a:openclaw:openclaw:1.2.1
-
cpe:2.3:a:openclaw:openclaw:1.2.2
-
cpe:2.3:a:openclaw:openclaw:1.3.0
-
cpe:2.3:a:openclaw:openclaw:2.0.0
-
cpe:2.3:a:openclaw:openclaw:2026.1.10
-
cpe:2.3:a:openclaw:openclaw:2026.1.11
-
cpe:2.3:a:openclaw:openclaw:2026.1.11-1
-
cpe:2.3:a:openclaw:openclaw:2026.1.11-2
-
cpe:2.3:a:openclaw:openclaw:2026.1.11-3
-
cpe:2.3:a:openclaw:openclaw:2026.1.12
-
cpe:2.3:a:openclaw:openclaw:2026.1.12-2
-
cpe:2.3:a:openclaw:openclaw:2026.1.13
-
cpe:2.3:a:openclaw:openclaw:2026.1.14-1
-
cpe:2.3:a:openclaw:openclaw:2026.1.15
-
cpe:2.3:a:openclaw:openclaw:2026.1.16-2
-
cpe:2.3:a:openclaw:openclaw:2026.1.20
-
cpe:2.3:a:openclaw:openclaw:2026.1.21
-
cpe:2.3:a:openclaw:openclaw:2026.1.22
-
cpe:2.3:a:openclaw:openclaw:2026.1.23
-
cpe:2.3:a:openclaw:openclaw:2026.1.24
-
cpe:2.3:a:openclaw:openclaw:2026.1.24-1
-
cpe:2.3:a:openclaw:openclaw:2026.1.29
-
cpe:2.3:a:openclaw:openclaw:2026.1.30
-
cpe:2.3:a:openclaw:openclaw:2026.1.5
-
cpe:2.3:a:openclaw:openclaw:2026.1.5-1
-
cpe:2.3:a:openclaw:openclaw:2026.1.5-2
-
cpe:2.3:a:openclaw:openclaw:2026.1.5-3
-
cpe:2.3:a:openclaw:openclaw:2026.1.8
-
cpe:2.3:a:openclaw:openclaw:2026.1.9
-
cpe:2.3:a:openclaw:openclaw:2026.2.1
-
cpe:2.3:a:openclaw:openclaw:2026.2.12
-
cpe:2.3:a:openclaw:openclaw:2026.2.13
-
cpe:2.3:a:openclaw:openclaw:2026.2.14
-
cpe:2.3:a:openclaw:openclaw:2026.2.15
-
cpe:2.3:a:openclaw:openclaw:2026.2.17
-
cpe:2.3:a:openclaw:openclaw:2026.2.19
-
cpe:2.3:a:openclaw:openclaw:2026.2.2
-
cpe:2.3:a:openclaw:openclaw:2026.2.3
-
cpe:2.3:a:openclaw:openclaw:2026.2.6
-
cpe:2.3:a:openclaw:openclaw:2026.2.6-1
-
cpe:2.3:a:openclaw:openclaw:2026.2.6-2
-
cpe:2.3:a:openclaw:openclaw:2026.2.6-3
-
cpe:2.3:a:openclaw:openclaw:2026.2.9