Improper Restriction of Excessive Authentication Attempts in OpenClaw - #VU125215

Published: April 8, 2026


Vulnerability identifier: #VU125215
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: N/A
CWE-ID: CWE-307
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: OpenClaw
Affected software:
OpenClaw

Detailed vulnerability description

The vulnerability allows a remote attacker to brute-force weak webhook tokens.

The vulnerability exists because the Synology Chat webhook authentication mechanism does not restrict excessive authentication attempts when handling repeated invalid token submissions. A remote attacker who can reach the webhook endpoint can submit token guesses without limit and, if the configured token is weak or low-entropy, recover it by brute force.
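
The pattern behind a CWE-307 finding like this one, and one way to bound it, as an added example that is not OpenClaw's code and does not reproduce its Synology Chat webhook handler. The service is assumed to be a Node/TypeScript process; the function and class names, the per-source thresholds, the 4-digit demo token and the source address are all constructed for illustration. The unthrottled check accepts a fresh comparison on every request; the throttled variant keeps a per-source failure counter with a sliding window and a lockout, and uses a constant-time comparison so a guess also does not leak timing. The brute-force simulation drives both against the same weak token.

```typescript
// Added example (not OpenClaw code): CWE-307 on a webhook token check.
// Names, thresholds and the demo token are assumptions for illustration.
import { createHash, timingSafeEqual } from "node:crypto";

// Constant-time equality. Hashing both sides first gives equal-length buffers
// for timingSafeEqual, so neither token length nor mismatch position leaks.
export function tokensEqual(expected: string, presented: string): boolean {
  const a = createHash("sha256").update(expected).digest();
  const b = createHash("sha256").update(presented).digest();
  return timingSafeEqual(a, b);
}

// Vulnerable pattern: every request is compared, no matter how many wrong
// tokens the same source has already sent. A weak token falls to enumeration.
export function verifyUnthrottled(expected: string, presented: string): boolean {
  return tokensEqual(expected, presented);
}

export type Verdict = "ok" | "bad-token" | "locked-out";

interface SourceState { failures: number[]; lockedUntil: number }

// Hardened pattern: per-source failure window plus lockout. A locked-out
// source is refused before any comparison, so further guesses yield nothing.
// Both "bad-token" and "locked-out" should map to the same HTTP response to
// the caller; the distinction is for logging and alerting only.
export class ThrottledWebhookAuth {
  private state = new Map<string, SourceState>();
  constructor(
    private readonly expected: string,
    private readonly maxFailures = 5,          // assumed threshold
    private readonly windowMs = 60000,         // failures counted per minute
    private readonly lockoutMs = 15 * 60000,   // 15-minute lockout
    private readonly now: () => number = Date.now, // injectable clock for tests
  ) {}

  verify(source: string, presented: string): Verdict {
    const t = this.now();
    const s = this.state.get(source) ?? { failures: [], lockedUntil: 0 };
    if (t < s.lockedUntil) return "locked-out";
    s.failures = s.failures.filter((f) => t - f < this.windowMs); // sliding window
    if (tokensEqual(this.expected, presented)) {
      this.state.delete(source); // a success clears the counter
      return "ok";
    }
    s.failures.push(t);
    if (s.failures.length >= this.maxFailures) {
      s.lockedUntil = t + this.lockoutMs;
      s.failures = [];
    }
    this.state.set(source, s);
    return "bad-token";
  }
}

// Simulated attacker enumerating a constructed 4-digit keyspace. It stops at
// the first "ok" (token recovered) or the first "locked-out" (blocked).
export function bruteForce(
  check: (guess: string) => Verdict,
  maxGuesses = 10000,
): { found: string | null; attempts: number; lockedOut: boolean } {
  for (let i = 0; i < maxGuesses; i++) {
    const guess = ("000" + i).slice(-4);
    const v = check(guess);
    if (v === "ok") return { found: guess, attempts: i + 1, lockedOut: false };
    if (v === "locked-out") return { found: null, attempts: i + 1, lockedOut: true };
  }
  return { found: null, attempts: maxGuesses, lockedOut: false };
}

// Runs the same enumeration against both checks with a deterministic clock.
export function demo() {
  const weakToken = "0042"; // constructed weak token for the demo
  const open = bruteForce((g) => (verifyUnthrottled(weakToken, g) ? "ok" : "bad-token"));
  let clock = 1000000;
  const auth = new ThrottledWebhookAuth(weakToken, 5, 60000, 900000, () => clock);
  const closed = bruteForce((g) => { clock += 10; return auth.verify("203.0.113.7", g); });
  return { open, closed };
}
```

Against the unthrottled check the enumeration recovers the demo token on the 43rd request; against the throttled one the source is locked out on the sixth. Two caveats a deployment should keep in mind: keying the lockout on source address alone can be evaded by an attacker with many addresses and can be turned into a denial of service against the legitimate sender sharing that address, so a global rate limit on the endpoint is usually needed as well; and attempt limiting only buys time. The durable fix is a high-entropy webhook token (for example 32 random bytes) that no practical number of attempts will guess.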


Remediation

Install the security update from the vendor's website.