CVE-2026-41354
LOW 3.7
Description
OpenClaw before 2026.4.2 scopes the replay-deduplication keys for Zalo webhook events too narrowly: legitimate events from different conversations or senders can produce the same dedupe key and collide, so one of them is treated as a replay and dropped. An attacker who can trigger such a collision can cause silent message suppression and disrupt bot workflows across chat sessions. The impact is limited to availability (A:L); no confidentiality or integrity impact is recorded.
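The collision class the description refers to, shown as an added example. This is illustrative code written for this page, not OpenClaw's implementation or the fix in the referenced commit; the event field names (conversationId, senderId, msgId) and the TTL-based cache are assumptions about how a webhook replay filter is typically built.

```javascript
// Added example (not OpenClaw's code): how replay-dedupe key scoping decides
// whether two legitimate webhook events collide.
// Assumption: each inbound event carries a sender id, a conversation id and a
// per-conversation message id. Field names are hypothetical.

class ReplayDedupe {
  constructor(keyFn, ttlMs = 60_000) {
    this.keyFn = keyFn;
    this.ttlMs = ttlMs;
    this.seen = new Map(); // dedupe key -> expiry timestamp (ms)
  }

  // Returns true if the event is new and should be processed,
  // false if it matches a key seen within the TTL (treated as a replay).
  accept(event, now = Date.now()) {
    for (const [key, expiry] of this.seen) {
      if (expiry <= now) this.seen.delete(key); // evict expired entries
    }
    const key = this.keyFn(event);
    if (this.seen.has(key)) return false;
    this.seen.set(key, now + this.ttlMs);
    return true;
  }
}

// Weak scoping: the key is the message id alone. Ids that are only unique
// per conversation (or per sender) collide across scopes.
const weakKey = (e) => String(e.msgId);

// Scoped key: bind the id to the conversation and sender it belongs to.
// JSON encoding (rather than "a:b:c" joining) keeps a field containing the
// delimiter from forging a collision with a differently-split key.
const scopedKey = (e) => JSON.stringify([e.conversationId, e.senderId, e.msgId]);

// Constructed events: two legitimate messages in different conversations
// that happen to share msgId, followed by a true replay of the first.
const SAMPLE_EVENTS = [
  { conversationId: "conv-A", senderId: "user-1", msgId: "1001", text: "hello" },
  { conversationId: "conv-B", senderId: "user-2", msgId: "1001", text: "hi" },
  { conversationId: "conv-A", senderId: "user-1", msgId: "1001", text: "hello" },
];

// Feed the sample events through a dedupe filter built on keyFn and return
// the messages that were actually processed, as "conversation:text".
function simulate(keyFn, events = SAMPLE_EVENTS) {
  const dedupe = new ReplayDedupe(keyFn);
  const processed = [];
  for (const e of events) {
    if (dedupe.accept(e, 0)) processed.push(`${e.conversationId}:${e.text}`);
  }
  return processed;
}

// Caveat: a TTL-based filter accepts a replay again once the entry has
// expired, so the TTL must be longer than the provider's retry window.
function acceptedAgainAfterTtl(ttlMs = 60_000) {
  const dedupe = new ReplayDedupe(scopedKey, ttlMs);
  const e = SAMPLE_EVENTS[0];
  dedupe.accept(e, 0);
  return dedupe.accept(e, ttlMs); // true: the earlier entry has expired
}

console.log("weak  :", simulate(weakKey));   // conv-B's message is lost
console.log("scoped:", simulate(scopedKey)); // both legitimate messages processed
```

With the weak key, the message in conv-B is dropped as a "replay" of the conv-A message, which is the silent suppression the advisory describes; the scoped key processes both and still rejects the genuine replay. Whatever fields are chosen, the key must include every component that the provider's message ids are only unique within.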
CVE details
CVSS v3.1 score: 3.7
Severity: LOW
CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
Attack vector: NETWORK
Attack complexity: HIGH
Privileges required: NONE
User interaction: NONE
Published: 4/23/2026
Last modified: 4/24/2026
Source: nvd
Honeypot observations: 0
Weaknesses (CWE)
CWE-706 (Use of Incorrectly-Resolved Name or Reference)
References
https://github.com/openclaw/openclaw/commit/ef7c553dd16ee579f1d1a363f5881a99726c1412 (source: disclosure@vulncheck.com)
https://github.com/openclaw/openclaw/security/advisories/GHSA-rxmx-g7hr-8mx4 (source: disclosure@vulncheck.com)
https://www.vulncheck.com/advisories/openclaw-insufficient-scope-in-zalo-webhook-replay-dedupe-keys (source: disclosure@vulncheck.com)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.