CVE-2026-41354
LOW 3.7
Description
OpenClaw before 2026.4.2 contains an insufficient scope vulnerability in Zalo webhook replay dedupe keys that allows legitimate events from different conversations or senders to collide. Attackers can exploit weak deduplication scoping to cause silent message suppression and disrupt bot workflows across chat sessions.
CVE details
CVSS v3.1 score: 3.7
Severity: LOW
CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
Attack vector: NETWORK
Attack complexity: HIGH
Privileges required: NONE
User interaction: NONE
Published: 4/23/2026
Last modified: 4/24/2026
Source: nvd
Honeypot sightings: 0
Weaknesses (CWE)
CWE-706
References
https://github.com/openclaw/openclaw/commit/ef7c553dd16ee579f1d1a363f5881a99726c1412 (disclosure@vulncheck.com)
https://github.com/openclaw/openclaw/security/advisories/GHSA-rxmx-g7hr-8mx4 (disclosure@vulncheck.com)
https://www.vulncheck.com/advisories/openclaw-insufficient-scope-in-zalo-webhook-replay-dedupe-keys (disclosure@vulncheck.com)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.