Cyber Resilience

CVE-2026-35640

Severity: Medium · Public PoC

Published: 09 April 2026
Modified: 15 April 2026
KEV Added: not listed
CVSS v4 score: 6.9 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS score: 0.0013 (31.5th percentile)
Risk priority: 14 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2026-35640 is a medium-severity Incorrect Behavior Order (CWE-696) vulnerability in Openclaw Openclaw. Its CVSS base score is 6.9 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The vulnerability ranks at the 31.5th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SC-5 (Denial-of-service Protection).

Deeper analysis

CVE-2026-35640 is a denial-of-service vulnerability in OpenClaw versions prior to 2026.3.25. The issue stems from the software parsing JSON request bodies in webhook endpoints before validating signatures, which allows attackers to force resource-intensive parsing operations even on invalid requests. This flaw is classified under CWE-696 (Incorrect Behavior Order: Authorization) and carries a CVSS v3.1 base score of 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L), indicating medium severity primarily due to low-impact availability disruption.

Unauthenticated remote attackers can exploit this vulnerability by sending specially crafted malicious webhook requests containing large or complex JSON payloads. Since signature validation occurs after parsing, the server exhausts CPU and memory resources processing these payloads, leading to denial of service through resource exhaustion. No privileges, user interaction, or special access are required, making it accessible to any network adversary targeting exposed OpenClaw webhook endpoints.

Mitigation is addressed in the official GitHub security advisory (GHSA-3h52-cx59-c456) and a corresponding patch commit (5e8cb22176e9235e224be0bc530699261eb60e53), which reportedly reorder operations to validate signatures before JSON parsing. Security practitioners should update to OpenClaw 2026.3.25 or later, as detailed in the advisory and Vulncheck analysis, and review webhook configurations for exposure.

Vulnerability details

OpenClaw before 2026.3.25 parses JSON request bodies before validating webhook signatures, allowing unauthenticated attackers to force resource-intensive parsing operations. Remote attackers can send malicious webhook requests to trigger denial of service by exhausting server resources through forced JSON parsing before signature rejection.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-assigned)

- T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
- T1499.004 Application or System Exploitation (Impact): Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.

Why these techniques?

Vulnerability in public-facing webhook endpoints enables remote unauthenticated exploitation via crafted JSON payloads to cause application resource exhaustion and DoS.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

- CVE-2026-35652 (same product: Openclaw Openclaw)
- CVE-2026-35627 (same product: Openclaw Openclaw)
- CVE-2026-35637 (same product: Openclaw Openclaw)
- CVE-2026-28461 (same product: Openclaw Openclaw)
- CVE-2026-32011 (same product: Openclaw Openclaw)
- CVE-2026-41405 (same product: Openclaw Openclaw)
- CVE-2026-41912 (same product: Openclaw Openclaw)
- CVE-2026-44116 (same product: Openclaw Openclaw)
- CVE-2026-6011 (same product: Openclaw Openclaw)
- CVE-2026-41361 (same product: Openclaw Openclaw)

Affected Assets

Vendor: openclaw
Product: openclaw
Versions: ≤ 2026.3.25

Mitigating Controls (NIST 800-53 r5, AI-assigned)

- AC-3 Access Enforcement (prevent): Enforces signature validation as an access control mechanism before resource-intensive JSON parsing, directly addressing the incorrect behavior order that enables unauthorized resource exhaustion.
- SC-5 Denial-of-service Protection (prevent): Provides denial-of-service protections such as rate limiting and resource allocation controls to mitigate resource exhaustion from malicious large JSON payloads in webhook requests.
- Input validation (prevent): Validates information inputs like webhook signatures and payloads prior to processing to prevent resource-intensive parsing of invalid or oversized JSON.
