HIGHCVE-2026-41405Published Modified CNA VulnCheck
CVE-2026-41405: OpenClaw < 2026.3.31 - Resource Exhaustion via Unauthenticated MS Teams Webhook Body Parsing
OpenClaw before 2026.3.31 parses MS Teams webhook request bodies before performing JWT validation, allowing unauthenticated attackers to trigger resource exhaustion. Remote attackers can send malicious Teams webhook payloads to exhaust server resources by bypassing authentication checks.
Metrics
- CVSS v4.0
- 8.7
- Severity
- HIGH
- Fixed in
- 2026.3.31
- Affected Products
- 1
Affected packages
- OpenClaw / OpenClaw< 2026.3.31 (from 0)Fixed in 2026.3.31
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N