CVE-2026-41343
Published: 23 April 2026
Summary
CVE-2026-41343 is a medium-severity Improper Control of Interaction Frequency (CWE-799) vulnerability in Openclaw Openclaw. Its CVSS base score is 6.9 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Service Exhaustion Flood (T1499.002); ranked at the 35.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-25327
Vulnerability details
OpenClaw before 2026.3.31 lacks a shared pre-auth concurrency budget on the public LINE webhook path, allowing attackers to cause transient availability loss. Remote attackers can flood the webhook endpoint with concurrent requests before signature verification to exhaust resources and degrade…
more
service availability.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Directly enables service exhaustion flood via unauthenticated concurrent request flooding on webhook endpoint (CWE-799).
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
The control requires defining frequency, timing, and approval for security interactions, directly addressing uncontrolled interaction rates.
Allocation policies inherently restrict interaction frequency, reducing the impact of excessive requests.
Spam protection explicitly controls interaction frequency by detecting and acting on bulk unsolicited messages from external sources.