UNKNOWNCVE-2026-32980
OpenClaw < 2026.3.13 - Resource Exhaustion via Unauthenticated Telegram Webhook Request
Platform
other
Component
openclaw
Fixed in
2026.3.13
OpenClaw before 2026.3.13 reads and buffers Telegram webhook request bodies before validating the x-telegram-bot-api-secret-token header, allowing unauthenticated attackers to exhaust server resources. Attackers can send POST requests to the webhook endpoint to force memory consumption, socket time, and JSON parsing work before authentication validation occurs.
How to fix
Actualice OpenClaw a la versión 2026.3.13 o superior. Esta versión corrige la vulnerabilidad de agotamiento de recursos al validar el encabezado x-telegram-bot-api-secret-token antes de procesar el cuerpo de la solicitud.
Monitor your dependencies automatically
Get notified when new vulnerabilities affect your projects. Free forever.
Start free