Platform: nodejs
Component: openclaw
Fixed version: 2026.3.1
CVE-2026-28461 describes a memory exhaustion vulnerability in openclaw. An attacker can trigger unbounded in-memory key growth by manipulating query strings in unauthenticated requests to a reachable Zalo webhook endpoint. This can lead to process instability or Out-of-Memory (OOM) conditions, degrading the availability of the service. Versions of openclaw prior to 2026.3.1 are affected, and a patch has been released.
The primary impact of CVE-2026-28461 is a denial-of-service (DoS) condition. By repeatedly sending crafted webhook requests with varying query strings, an attacker can exhaust the available memory resources of the openclaw process. This memory exhaustion can manifest as process instability, slow response times, or ultimately, a complete crash of the service. The vulnerability's unauthenticated nature means that any attacker with network access to the Zalo webhook endpoint can potentially trigger this issue. While the vulnerability doesn't directly expose sensitive data, the resulting service disruption can have significant operational consequences.
CVE-2026-28461 was publicly disclosed on 2026-03-02. There is currently no indication of active exploitation in the wild, nor any publicly available proof-of-concept (PoC) exploit, and the vulnerability has not been added to the CISA KEV catalog. The EPSS score is 0.09% (26th percentile), consistent with the absence of public exploits and active campaigns.
Organizations utilizing openclaw in their Node.js applications, particularly those exposing Zalo webhook endpoints to the internet, are at risk. Shared hosting environments where multiple users share the same openclaw instance are also at increased risk, as an attacker could potentially exploit the vulnerability through another user's webhook integration.
• nodejs: Monitor the memory footprint of the openclaw process. A resident set that keeps climbing under a stream of webhook requests, rather than plateauing, is the signature of unbounded key growth. The following prints the largest RSS (in KB) among processes whose command line mentions openclaw; the bracketed pattern keeps grep from matching its own process:
ps aux | grep '[o]penclaw' | awk '{print $6}' | sort -n | tail -1
• generic web: Monitor web server access logs for requests to the Zalo webhook endpoint. Because every distinct query string creates a new key, the tell-tale pattern is a single client sending many requests whose query strings never repeat. Assuming an Apache combined log format (field 1 is the client IP, field 7 is the request target including the query string), the following lists the ten sources with the most distinct request targets to the endpoint. The path /zalo_webhook is an example; adjust it to the path openclaw actually mounts:
grep '/zalo_webhook' /var/log/apache2/access.log | awk '{print $1, $7}' | sort -u | awk '{print $1}' | uniq -c | sort -nr | head -10
Disclosure and exploitation status
EPSS: 0.09% (26th percentile)
The recommended mitigation for CVE-2026-28461 is to upgrade openclaw to version 2026.3.1 or later immediately. This version includes a fix that normalizes keys to matched webhook path semantics (excluding query strings) and bounds/prunes the tracking state, so attacker-controlled input can no longer create new keys or grow the state without limit. If upgrading is not immediately feasible, apply rate limiting on the Zalo webhook endpoint to restrict the number of requests a single source can send within a given timeframe. This only slows the rate at which memory is consumed, and a per-source limit is weak against an attacker spread across many source addresses, so treat it as a stopgap rather than a fix; rejecting unexpected query parameters at a reverse proxy in front of the endpoint, where that is compatible with Zalo's callbacks, narrows the attack surface further. After upgrading, confirm the fix by sending a large number of webhook requests with varying query strings and monitoring the process's memory usage: it should plateau rather than grow in proportion to the number of distinct query strings sent.
Update OpenClaw to 2026.3.1 or later. This version fixes the unbounded memory growth in the Zalo webhook by no longer accumulating in-memory keys that vary with the query string. Updating removes the memory pressure, process instability and out-of-memory conditions that degrade service availability.
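The following is an added illustration of the bug class the fix above addresses, not openclaw's own code: a per-endpoint tracker keyed on the raw request URL (query string included) beside a hardened version that keys on the route-matched path only and caps its state with least-recently-used eviction. The class names, the `/zalo_webhook` path and the 1000-entry bound are hypothetical; the attack simulation constructs its own requests so the script runs offline under Node.js.

```javascript
// Added illustration for CVE-2026-28461's bug class; not openclaw's code.
// Class names, the "/zalo_webhook" path and the 1000-entry bound are hypothetical.

// Vulnerable pattern: per-endpoint state keyed by the raw request URL, query
// string included, with no upper bound. Each new "?nonce=N" creates a new key,
// so an unauthenticated client can grow the Map until the process runs out of memory.
class UnboundedTracker {
  constructor() {
    this.state = new Map();
  }
  record(rawUrl) {
    const entry = this.state.get(rawUrl) || { hits: 0, lastSeen: 0 };
    entry.hits += 1;
    entry.lastSeen = Date.now();
    this.state.set(rawUrl, entry);
  }
  size() {
    return this.state.size;
  }
}

// Hardened pattern: key on the matched webhook path only (query string and
// fragment discarded) and cap the Map with least-recently-used eviction, so
// attacker-controlled input can neither mint new keys nor grow the state
// past maxEntries.
class BoundedTracker {
  constructor(maxEntries = 1000) {
    this.maxEntries = maxEntries;
    this.state = new Map(); // Map preserves insertion order; used as LRU order
  }

  // Reduce a raw request target to the path a router would match on.
  // The dummy origin lets the WHATWG URL parser accept a bare "/path?query".
  static normalizeKey(rawUrl) {
    const u = new URL(rawUrl, "http://localhost");
    let path = u.pathname.replace(/\/+/g, "/"); // collapse "//" to "/"
    if (path.length > 1 && path.endsWith("/")) path = path.slice(0, -1);
    return path;
  }

  record(rawUrl) {
    const key = BoundedTracker.normalizeKey(rawUrl);
    const existing = this.state.get(key);
    if (existing) {
      this.state.delete(key); // re-insert so this key becomes most recently used
      existing.hits += 1;
      existing.lastSeen = Date.now();
      this.state.set(key, existing);
      return;
    }
    if (this.state.size >= this.maxEntries) {
      const oldest = this.state.keys().next().value; // first key = least recently used
      this.state.delete(oldest);
    }
    this.state.set(key, { hits: 1, lastSeen: Date.now() });
  }

  size() {
    return this.state.size;
  }
}

// Simulate the attack: the same webhook path with a different query string
// every time. Returns how many keys the tracker holds afterwards.
function simulateAttack(tracker, requestCount) {
  for (let i = 0; i < requestCount; i++) {
    tracker.record(`/zalo_webhook?nonce=${i}`);
  }
  return tracker.size();
}

// Stand-alone demo: the vulnerable tracker holds one key per request sent,
// the hardened one holds a single key for the endpoint.
const DEMO_REQUESTS = 20000;
console.log("unbounded tracker keys:", simulateAttack(new UnboundedTracker(), DEMO_REQUESTS));
console.log("bounded tracker keys:", simulateAttack(new BoundedTracker(), DEMO_REQUESTS));
```

The same shape of check is what the verification step above is looking for at the process level: with the fix in place, the number of tracked keys, and therefore memory, stops depending on how many distinct query strings the attacker sends. The LRU bound matters independently of key normalization, because it also protects any path-keyed state from a large number of legitimately distinct routes.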
CVE-2026-28461 is a HIGH severity vulnerability affecting openclaw versions <= 2026.2.26. It allows unauthenticated attackers to trigger unbounded memory growth via webhook requests, potentially leading to service disruption.
You are affected if you are using openclaw version 2026.2.26 or earlier. Check your version and upgrade immediately.
Upgrade openclaw to version 2026.3.1 or later. This resolves the unbounded memory growth issue.
There is currently no evidence of active exploitation in the wild or publicly available proof-of-concept exploits.
Refer to the openclaw project's release notes and security advisories for the latest information.