Description
OpenClaw before 2026.3.24 contains an incomplete fix for CVE-2026-32011 where the Feishu webhook handler accepts request bodies with permissive limits of 1MB and 30-second timeout before signature verification. An unauthenticated attacker can exhaust server connection resources by sending concurrent slow HTTP POST requests to the Feishu webhook endpoint, blocking legitimate webhook deliveries.
Published: 2026-04-10
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Apply Patch
AI Analysis

Impact

OpenClaw versions before 2026.3.24 contain an incomplete remediation of a previous vulnerability (CVE-2026-32011). The Feishu webhook handler reads incoming request bodies under a permissive 1 MB size limit and a 30-second timeout, and both apply before the request signature is verified. An attacker who needs no authentication can open multiple slow HTTP POST requests to the webhook endpoint, each holding a server connection for up to that timeout, until the available connections are exhausted. Legitimate webhook deliveries are then blocked, effectively denying service to authorized operations. The weakness is a form of input validation error, specifically over-permissive request size and timeout handling, mapped to CWE-405.

Affected Systems

OpenClaw releases before 2026.3.24. Any deployment running a version below that patch release is affected.

Risk and Exploitability

The vulnerability scores 6.9 on the CVSS scale, placing it in the high-moderate range, though no EPSS data is available. It is not catalogued in the CISA KEV list. Exploitation requires only an unauthenticated attacker with HTTP access to the Feishu webhook endpoint, who sends oversized or slow POST requests that the server accepts before signature verification, consuming connection resources and blocking legitimate traffic. Because nothing beyond network reachability is needed, the threat surface is broad wherever the endpoint is publicly reachable.

Generated by OpenCVE AI on April 10, 2026 at 17:37 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest OpenClaw release (2026.3.24 or newer) to eliminate the vulnerability.
  • If immediate patching is not possible, restrict access to the Feishu webhook endpoint to trusted IP ranges and limit slow POST traffic with network or application-layer rate limiting.
  • Monitor for unusually large or slow POST requests to the endpoint to detect resource-exhaustion attempts while they are in progress.
  • Verify that server resource limits and connection pools are configured so that a burst of held-open connections does not starve legitimate deliveries.

Generated by OpenCVE AI on April 10, 2026 at 17:37 UTC.

Tracking


Advisories
Source: GitHub GHSA
ID: GHSA-w6m8-cqvj-pg5v
Title: OpenClaw has incomplete Fix for CVE-2026-32011: Feishu Webhook Pre-Auth Body Parsing DoS (Slow-Body / Slowloris Variant)
History

Fri, 10 Apr 2026 17:15:00 +0000

Type: Metrics
Values Removed: (none)
Values Added: ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 10 Apr 2026 16:30:00 +0000

Values Removed: (none)

Type: Description
Values Added: OpenClaw before 2026.3.24 contains an incomplete fix for CVE-2026-32011 where the Feishu webhook handler accepts request bodies with permissive limits of 1MB and 30-second timeout before signature verification. An unauthenticated attacker can exhaust server connection resources by sending concurrent slow HTTP POST requests to the Feishu webhook endpoint, blocking legitimate webhook deliveries.

Type: Title
Values Added: OpenClaw < 2026.3.24 - Denial of Service via Feishu Webhook Pre-Auth Body Parsing

Type: First Time appeared
Values Added: Openclaw; Openclaw openclaw

Type: Weaknesses
Values Added: CWE-405

Type: CPEs
Values Added: cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*

Type: Vendors & Products
Values Added: Openclaw; Openclaw openclaw

Type: References
Values Added:

Type: Metrics
Values Added: cvssV3_1 {'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L'}; cvssV4_0 {'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-10T16:58:15.053Z

Reserved: 2026-04-04T12:31:57.498Z

Link: CVE-2026-35665

Vulnrichment

Updated: 2026-04-10T16:58:11.455Z

NVD

Status: Analyzed

Published: 2026-04-10T17:17:08.437

Modified: 2026-04-13T20:42:44.077

Link: CVE-2026-35665

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-13T13:00:38Z

Weaknesses