DEV Community

CVE Reports

Posted on • Originally published at cvereports.com


GHSA-3H52-CX59-C456: Denial of Service via Pre-Authentication JSON Parsing in OpenClaw Feishu Extension

Vulnerability ID: GHSA-3H52-CX59-C456
CVSS Score: 6.5
Published: 2026-03-29

The Feishu webhook extension in OpenClaw parses the incoming JSON body before it verifies the request signature. Because parsing happens before authentication, any unauthenticated sender can make the server spend CPU and memory on JSON.parse of an arbitrarily large or deeply nested body, which enables denial of service (DoS) by resource exhaustion. Verifying the signature against a reconstruction of the already-parsed object rather than against the raw request bytes also makes the signature check fragile.

TL;DR

OpenClaw's Feishu extension parses unauthenticated JSON payloads before signature verification, enabling remote denial-of-service attacks.


⚠️ Exploit Status: POC

Technical Details

  • Vulnerability Type: Denial of Service (DoS) / Cryptographic Bypass
  • CWE ID: CWE-400, CWE-345
  • CVSS v3.1 Base Score: 6.5
  • Attack Vector: Network
  • Authentication Required: None
  • Exploit Status: Unauthenticated DoS Possible

Affected Systems

  • OpenClaw @openclaw/extension-feishu: all versions before commit 5e8cb22176e9235e224be0bc530699261eb60e53 (fixed in that commit)

Code Analysis

Commit: 5e8cb22

Fix: Implement Read-Validate-Parse flow for Feishu webhooks to prevent pre-auth parsing DoS

Replaced readJsonBodyWithLimit with readRequestBodyWithLimit and moved JSON.parse after signature validation.

Mitigation Strategies

  • Update OpenClaw to the latest patched version containing the fix commit; this is the only measure that removes the pre-authentication parse.
  • Implement IP-based access control lists (ACLs) to restrict access to the webhook endpoint to valid Feishu IP ranges, as defense in depth while the update is rolled out.
  • Implement application-level rate limiting on the webhook endpoint to mitigate volumetric DoS attempts; the limiter must act before the body is read and parsed, or it does not help against this issue.

Remediation Steps:

  1. Verify the current running version of OpenClaw and the @openclaw/extension-feishu module.
  2. Pull the latest repository updates or install the latest release package.
  3. Restart the OpenClaw Node.js process to ensure the updated code is loaded into memory.
  4. Review access logs for the /hook/feishu endpoint to identify any prior exploitation attempts.

