Cyber Resilience

CVE-2026-35626

MediumPublic PoC

Published: 09 April 2026

Published
09 April 2026
Modified
15 April 2026
KEV Added
Patch
CVSS Score v4 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0012 31.2th percentile
Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-35626 is a medium-severity Amplification (CWE-405) vulnerability in Openclaw Openclaw. Its CVSS base score is 6.9 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 31.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

EU & UK References

Vulnerability details

OpenClaw before 2026.3.22 contains an unauthenticated resource exhaustion vulnerability in voice call webhook handling that buffers request bodies before provider signature checks. Attackers can send large or malicious webhook requests to exhaust server resources without authentication by bypassing signature validation.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1499.003 Application Exhaustion Flood Impact
Adversaries may target resource intensive features of applications to cause a denial of service (DoS), denying availability to those applications.
T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

Unauthenticated webhook endpoint allows resource exhaustion via large requests before auth, directly enabling public-facing app exploitation (T1190) and application exhaustion DoS (T1499.003/004).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

Affected Assets

openclaw
openclaw
≤ 2026.3.22

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-405

Reduces impact of amplification attacks that overwhelm the primary site by allowing operations to shift to an equivalent alternate site.

addresses: CWE-405

Alternate services reduce the impact of amplification attacks that exhaust primary telecommunications resources.

addresses: CWE-405

Amplification attacks that exhaust the primary path are mitigated by the existence of an independent alternate path for command traffic.

addresses: CWE-405

Employs controls that mitigate amplification attacks causing asymmetric resource use.

addresses: CWE-405

Limits amplification effects by controlling how resources are allocated under high-volume or recursive load.

References