Platform
nodejs
Component
openclaw
Fixed in
2026.3.1
CVE-2026-28461 describes a memory exhaustion vulnerability in openclaw. An attacker can trigger unbounded in-memory key growth by manipulating query strings in unauthenticated requests to a reachable Zalo webhook endpoint. This can lead to process instability or Out-of-Memory (OOM) conditions, degrading the availability of the service. Versions of openclaw prior to 2026.3.1 are affected, and a patch has been released.
The primary impact of CVE-2026-28461 is a denial-of-service (DoS) condition. By repeatedly sending crafted webhook requests with varying query strings, an attacker can exhaust the available memory resources of the openclaw process. This memory exhaustion can manifest as process instability, slow response times, or ultimately, a complete crash of the service. The vulnerability's unauthenticated nature means that any attacker with network access to the Zalo webhook endpoint can potentially trigger this issue. While the vulnerability doesn't directly expose sensitive data, the resulting service disruption can have significant operational consequences.
CVE-2026-28461 was publicly disclosed on 2026-03-02. There is currently no indication of active exploitation in the wild, nor are there any publicly available proof-of-concept (PoC) exploits. The vulnerability has not been added to the CISA KEV catalog. The EPSS score is likely low given the lack of public exploits and active campaigns.
Organizations utilizing openclaw in their Node.js applications, particularly those exposing Zalo webhook endpoints to the internet, are at risk. Shared hosting environments where multiple users share the same openclaw instance are also at increased risk, as an attacker could potentially exploit the vulnerability through another user's webhook integration.
• nodejs: Monitor openclaw process memory usage. High and rapidly increasing memory consumption could indicate exploitation.
  ps aux | grep '[o]penclaw' | awk '{print $6}' | sort -n | tail -1
• generic web: Monitor web server access logs for unusual patterns of requests to the Zalo webhook endpoint, particularly those with a large number of unique query parameters.
  grep "/zalo_webhook" /var/log/apache2/access.log | awk '{print $7}' | sort | uniq -c | sort -nr | head -10
Exploit status
EPSS
0.09% (percentile 26%)
CISA SSVC
CVSS vector
The recommended mitigation for CVE-2026-28461 is to immediately upgrade openclaw to version 2026.3.1 or later. This version includes a fix that normalizes keys to matched webhook path semantics (excluding query strings) and bounds/prunes the tracking state, preventing unbounded memory growth. If upgrading is not immediately feasible, consider implementing rate limiting on the Zalo webhook endpoint to restrict the number of requests from a single source within a given timeframe. This can help to mitigate the impact of an attack by slowing down the rate at which memory is consumed. After upgrading, confirm the fix by sending multiple webhook requests with varying query strings and monitoring memory usage to ensure it remains within acceptable limits.
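As an added illustration of the two fix properties described above (it is not openclaw's own code, and the tracker, its cap and its idle timeout are hypothetical), the snippet below contrasts a tracking map keyed by the raw request URL, which gains one entry per distinct query string, with one keyed by the matched path and bounded by pruning:

```javascript
// Constructed example: per-webhook tracking state. Keying by the full URL
// (path + query string) lets an unauthenticated sender grow the Map without
// limit; keying by the matched path and pruning bounds it. Names are hypothetical.
const MAX_TRACKED = 1000;   // assumed cap on distinct keys
const STALE_MS = 60_000;    // assumed idle lifetime of a key

// Vulnerable pattern: every query-string variant becomes a new key.
function vulnerableKey(reqUrl) {
  return reqUrl;
}

// Hardened pattern: normalize to the path so all variants share one key.
function hardenedKey(reqUrl) {
  return new URL(reqUrl, 'http://localhost').pathname;
}

class WebhookTracker {
  constructor(keyFn, { max = MAX_TRACKED, staleMs = STALE_MS } = {}) {
    this.keyFn = keyFn;
    this.max = max;
    this.staleMs = staleMs;
    this.state = new Map(); // key -> { hits, lastSeen }, insertion = recency order
  }
  record(reqUrl, now = Date.now()) {
    const key = this.keyFn(reqUrl);
    const entry = this.state.get(key) ?? { hits: 0, lastSeen: now };
    entry.hits += 1;
    entry.lastSeen = now;
    this.state.delete(key);   // re-insert so the Map stays ordered by last use
    this.state.set(key, entry);
    this.prune(now);
    return entry.hits;
  }
  prune(now) {
    // Drop idle keys, then evict least-recently-used keys above the cap.
    for (const [k, e] of this.state) {
      if (now - e.lastSeen > this.staleMs) this.state.delete(k);
    }
    while (this.state.size > this.max) {
      this.state.delete(this.state.keys().next().value);
    }
  }
  size() { return this.state.size; }
}

// Constructed traffic: one path, n distinct query strings, one request per ms.
function simulate(tracker, n) {
  for (let i = 0; i < n; i++) tracker.record(`/zalo_webhook?x=${i}`, i);
  return tracker.size();
}
```

With `vulnerableKey` and no cap the tracker holds one entry per request sent; with `hardenedKey` the same traffic collapses to a single entry, and the cap alone limits growth even when keys are not normalized.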
Update OpenClaw to version 2026.3.1 or later. This version fixes the unbounded memory growth vulnerability in the Zalo webhook by preventing the accumulation of in-memory keys through query-string variation. The update mitigates the risk of memory pressure, process instability, or out-of-memory conditions that degrade service availability.
CVE-2026-28461 is a HIGH severity vulnerability affecting openclaw versions <= 2026.2.26. It allows unauthenticated attackers to trigger unbounded memory growth via webhook requests, potentially leading to service disruption.
You are affected if you are using openclaw version 2026.2.26 or earlier. Check your version and upgrade immediately.
Upgrade openclaw to version 2026.3.1 or later. This resolves the unbounded memory growth issue.
There is currently no evidence of active exploitation in the wild or publicly available proof-of-concept exploits.
Refer to the openclaw project's release notes and security advisories for the latest information: [https://github.com/your-openclaw-repo/releases](https://github.com/your-openclaw-repo/releases)