Denial of Service Vulnerability in OpenClaw Webhook Handlers for BlueBubbles and Google Chat
CVE-2026-32011

8.7HIGH

Key Information:

Vendor

Openclaw

Status
Openclaw
Vendor
CVE Published:
19 March 2026

What is CVE-2026-32011?

OpenClaw versions prior to 2026.3.2 are susceptible to a Denial of Service attack due to flawed webhook handler implementations. The vulnerability lies in the processing of request bodies for BlueBubbles and Google Chat, where authentication and signature validation are performed only after parsing the request. This allows an unauthenticated attacker to exploit the system by submitting slow or oversized requests, ultimately exhausting parser resources and impairing service availability. It is crucial for users to upgrade to the latest version to mitigate this risk.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

OpenClaw 0 < 2026.3.2

OpenClaw 2026.3.2

References

https://github.com/openclaw/openclaw/security/advisories/...
third-party-advisory
https://github.com/openclaw/openclaw/commit/d3e8b17aa6432...
patch
https://www.vulncheck.com/advisories/openclaw-slow-reques...
third-party-advisory

CVSS V4

Score:
8.7
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Baozongwi'xd (@GCXWLP)
JSON
.