← volver
CVE-2026-41333

OpenClaw < 2026.3.31 - Authentication Rate Limiting Bypass via Fake DeviceToken

CVSS 6.3 MEDIUMEPSS 0.4%CWE-799
OpenClaw before 2026.3.31 contains an authentication rate limiting bypass vulnerability that allows attackers to circumvent shared authentication protections using fake device tokens. Attackers can exploit the mixed WebSocket authentication flow to bypass rate limiting controls and conduct brute force attacks against weak shared passwords.
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Productos afectados
OpenClaw · OpenClaw

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/openclaw/openclaw/commit/af0c0862f22ca4492406a3103d05e3628f94cbe9https://github.com/openclaw/openclaw/security/advisories/GHSA-6p8r-6m93-557fhttps://www.vulncheck.com/advisories/openclaw-authentication-rate-limiting-bypass-via-fake-devicetoken