CVE-2026-32011
Published: 19 March 2026
Summary
CVE-2026-32011 is a high-severity Allocation of Resources Without Limits or Throttling (CWE-770) vulnerability in Openclaw Openclaw. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 24.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SC-6 (Resource Availability).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly implements denial-of-service protections to limit effects of resource exhaustion from slow or oversized unauthenticated request bodies in webhook parsers.
Ensures availability of parser resources by dynamically allocating or restricting them against depletion from pre-authentication processing of malicious inputs.
Enforces boundary protections at webhook endpoints to throttle, rate-limit, or reject oversized/slow requests before they trigger vulnerable parsing.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Public-facing webhook endpoint parsing vuln (pre-auth) directly enables remote exploitation of an internet-facing app (T1190) to achieve application-layer DoS via resource exhaustion (T1499.004).
NVD Description
OpenClaw versions prior to 2026.3.2 contain a denial of service vulnerability in webhook handlers for BlueBubbles and Google Chat that parse request bodies before performing authentication and signature validation. Unauthenticated attackers can exploit this by sending slow or oversized request…
more
bodies to exhaust parser resources and degrade service availability.
Deeper analysisAI
CVE-2026-32011 is a denial-of-service vulnerability in OpenClaw versions prior to 2026.3.2, specifically within the webhook handlers for BlueBubbles and Google Chat. These handlers parse incoming request bodies before performing authentication and signature validation, enabling resource exhaustion. The issue corresponds to CWE-770 (Allocation of Resources Without Limits or Throttling) and carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), highlighting its high-impact availability disruption potential.
Unauthenticated remote attackers can exploit the vulnerability by sending slow or oversized request bodies to the affected webhook endpoints. This triggers excessive resource consumption in the parser, degrading service availability and causing denial of service without requiring privileges, user interaction, or complex setup.
Advisories recommend upgrading to OpenClaw version 2026.3.2 or later to mitigate the issue. A fixing commit is available at https://github.com/openclaw/openclaw/commit/d3e8b17aa6432536806b4853edc7939d891d0f25, with detailed guidance in the GitHub security advisory at https://github.com/openclaw/openclaw/security/advisories/GHSA-x4vp-4235-65hg and the Vulncheck advisory at https://www.vulncheck.com/advisories/openclaw-slow-request-denial-of-service-via-pre-auth-webhook-body-parsing.
Details
- CWE(s)