Resource exhaustion in OpenClaw - #VU125183
Published: April 8, 2026
OpenClaw
Detailed vulnerability description
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to uncontrolled resource consumption in the voice call webhook handler when processing webhook requests before provider signature checks. A remote attacker can send crafted webhook requests with oversized request bodies to cause a denial of service.
The issue is bounded by pre-auth body caps and occurs before signature verification.