DEV Community

CVE Reports
CVE Reports

Posted on • Originally published at cvereports.com

GHSA-RM59-992W-X2MV: GHSA-RM59-992W-X2MV: Unauthenticated Resource Exhaustion and DoS in OpenClaw Voice Webhooks

#security #cve #cybersecurity #ghsa

GHSA-RM59-992W-X2MV: Unauthenticated Resource Exhaustion and DoS in OpenClaw Voice Webhooks

Vulnerability ID: GHSA-RM59-992W-X2MV
CVSS Score: 7.5
Published: 2026-03-26

OpenClaw versions prior to 2026.3.23 suffer from an unauthenticated resource exhaustion vulnerability in the voice call webhook component. An architectural flaw allowed untrusted, unauthenticated HTTP connections to consume excessive memory and connection pool resources, leading to a complete Denial of Service (DoS) condition.

TL;DR

A buffer-then-verify pattern in OpenClaw's webhook handler allowed unauthenticated attackers to exhaust server memory and connections, causing a Denial of Service. This is fixed in version 2026.3.23.

⚠️ Exploit Status: POC

Technical Details

  • CWE ID: CWE-400 (Uncontrolled Resource Consumption)
  • Attack Vector: Network (Remote)
  • Authentication Required: None
  • CVSS v3.1 Score: 7.5 (High)
  • Impact: Complete Denial of Service
  • Exploit Status: Proof of Concept / Network Flooding
  • CISA KEV: Not Listed

Affected Systems

  • OpenClaw voice call webhook integration component
  • Installations relying on Twilio, Telnyx, or Plivo webhooks
  • openclaw: < 2026.3.23 (Fixed in: 2026.3.23)

Code Analysis

Commit: 651dc74

Fix resource exhaustion in voice call webhook handler by implementing pre-auth concurrency limits, header gates, and reducing payload budgets.

Mitigation Strategies

  • Upgrade OpenClaw to version 2026.3.23 or later.
  • Implement WAF rules to enforce the presence of required webhook signature headers before forwarding requests to the application.
  • Apply strict IP-based rate limiting at the network ingress level.
  • Configure front-end reverse proxies to drop excessively slow HTTP requests to mitigate Slowloris-style connection exhaustion.

Remediation Steps:

  1. Identify the current version of the openclaw package in your environment.
  2. Update the package using the package manager (e.g., npm install openclaw@^2026.3.23).
  3. Verify that front-end load balancers pass original client IP addresses correctly (e.g., via X-Forwarded-For) to ensure the application's internal IP rate limiter functions properly.
  4. Restart the OpenClaw service and verify webhook connectivity with external providers.

References

Read the full report for GHSA-RM59-992W-X2MV on our website for more details including interactive diagrams and full exploit analysis.

Top comments (0)