CVE-2026-33580
OpenClaw < 2026.3.28 - Brute Force Attack via Missing Rate Limiting on Webhook Shared Secret Authentication
Platform
nextcloud
Component
openclaw
Fixed in
2026.3.28
OpenClaw before 2026.3.28 does not rate-limit authentication on its Nextcloud Talk webhook endpoint, so an attacker who can reach the endpoint can submit an unbounded number of authentication attempts and brute-force a weak shared secret. Once the secret is recovered, the attacker can sign and deliver forged inbound webhook events that the application accepts as genuine.
How to fix
Update OpenClaw to version 2026.3.28 or later. That version adds rate limiting to webhook authentication, reducing the risk of brute-force attacks. See the security advisory and the commit on GitHub for details of the fix. Independently of the upgrade, rotate any webhook shared secret that was short or guessable and replace it with a long random value, since throttling only slows guessing and does not recover a secret that may already have been found.
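The following is an added example, not OpenClaw's code or the upstream fix, showing the two halves of the defence this advisory concerns: a constant-time check of the shared-secret signature, and a per-client failure counter that locks the client out after a small number of bad attempts. It assumes the Nextcloud Talk bot convention of an HMAC-SHA256 over a per-request random value concatenated with the request body (treat the exact message layout as an assumption; the real header names and OpenClaw's handler are not reproduced here). The client key, the thresholds, and the `FakeClock` used for deterministic testing are all hypothetical.

```python
import hashlib
import hmac
import time
from collections import defaultdict, deque

MAX_FAILURES = 5         # assumed policy: bad attempts allowed per client per window
WINDOW_SECONDS = 60.0    # sliding window in which failures are counted
LOCKOUT_SECONDS = 300.0  # assumed policy: how long a client is blocked afterwards


def sign(secret: bytes, random_value: str, body: bytes) -> str:
    """Signature a legitimate sender attaches (assumed layout: HMAC-SHA256(random || body))."""
    return hmac.new(secret, random_value.encode() + body, hashlib.sha256).hexdigest()


def verify_unthrottled(secret: bytes, random_value: str, signature: str, body: bytes) -> bool:
    """The pre-fix shape: no throttling, and a plain == compare that also leaks timing."""
    return sign(secret, random_value, body) == signature


class WebhookAuthenticator:
    """Constant-time signature check plus per-client brute-force throttling."""

    def __init__(self, shared_secret: bytes, clock=time.monotonic):
        self._secret = shared_secret
        self._clock = clock
        self._failures = defaultdict(deque)  # client -> timestamps of recent failures
        self._locked_until = {}              # client -> time at which the lockout ends

    def _is_locked(self, client: str, now: float) -> bool:
        until = self._locked_until.get(client)
        if until is None:
            return False
        if now >= until:                     # lockout expired: forget the client's history
            del self._locked_until[client]
            self._failures.pop(client, None)
            return False
        return True

    def _record_failure(self, client: str, now: float) -> None:
        window = self._failures[client]
        window.append(now)
        while window and now - window[0] > WINDOW_SECONDS:
            window.popleft()                 # drop failures outside the sliding window
        if len(window) >= MAX_FAILURES:
            self._locked_until[client] = now + LOCKOUT_SECONDS
            window.clear()

    def verify(self, client: str, random_value: str, signature: str, body: bytes) -> str:
        """Returns 'ok', 'rejected' (bad signature) or 'rate_limited' (client locked out)."""
        now = self._clock()
        if self._is_locked(client, now):
            return "rate_limited"            # refuse before doing any secret-dependent work
        expected = sign(self._secret, random_value, body).encode()
        if hmac.compare_digest(expected, signature.encode()):
            self._failures.pop(client, None)
            return "ok"
        self._record_failure(client, now)
        return "rejected"


def simulate_guessing(auth: WebhookAuthenticator, client: str, body: bytes, guesses) -> int:
    """Feed wrong signatures from one client; return how many were actually evaluated."""
    checked = 0
    for guess in guesses:
        result = auth.verify(client, "nonce", guess, body)
        if result == "rate_limited":
            break
        checked += 1
    return checked


class FakeClock:
    """Hypothetical controllable clock so the lockout can be exercised without sleeping."""

    def __init__(self, start: float = 1000.0):
        self.now = start

    def __call__(self) -> float:
        return self.now

    def advance(self, seconds: float) -> None:
        self.now += seconds


if __name__ == "__main__":
    clock = FakeClock()
    auth = WebhookAuthenticator(b"long-random-secret", clock=clock)
    body = b'{"type": "Create", "actor": "bot"}'  # constructed sample payload
    guesses = (f"{i:064x}" for i in range(10_000))
    print("guesses evaluated before lockout:", simulate_guessing(auth, "203.0.113.7", body, guesses))
    print("while locked, even a valid signature gets:",
          auth.verify("203.0.113.7", "r1", sign(b"long-random-secret", "r1", body), body))
    clock.advance(LOCKOUT_SECONDS + 1)
    print("after the lockout expires:",
          auth.verify("203.0.113.7", "r1", sign(b"long-random-secret", "r1", body), body))
```

Keying the counter by client address is a simplification; behind a proxy it should use the forwarded address the proxy is trusted to set, and a production deployment would keep the counters in shared storage so every replica enforces the same limit. The throttle reduces an online attack from unlimited guesses to a handful per lockout period, which is why the advisory still presumes a secret strong enough that those few guesses do not matter.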