CVE-2026-41343

Summary

OpenClaw before 2026.3.31 lacks a shared pre-auth concurrency budget on the public LINE webhook path, allowing attackers to cause transient availability loss. Remote attackers can flood the webhook endpoint with concurrent requests before signature verification to exhaust resources and degrade service availability.

Affected Software

VendorProductVersion RangeStatus
OpenClawOpenClaw0 < 2026.3.31affected
OpenClawOpenClaw2026.3.31unaffected

Weaknesses

  • CWE-799: Improper Control of Interaction Frequency

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References