CVE-2026-41346 MEDIUM

CVE-2026-41346: OpenClaw 2026.2.26 < 2026.3.31 - Denial of Service via Improper Pending Pairing Request Cap Enforcement

Vendor Openclaw
Product OpenClaw
Weakness CWE-799
Published April 23, 2026
Last update April 24, 2026

CVSS base score

6.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

What the vulnerability does

01Description

OpenClaw 2026.2.26 before 2026.3.31 enforces pending pairing-request caps per channel file instead of per account, allowing attackers to exhaust the shared pending window. Remote attackers can submit pairing requests from other accounts to block new pairing challenges on unaffected accounts, causing denial of service.

Key dates

02Disclosure timeline

April 23, 2026 CVE published
April 24, 2026 Record updated

Related vulnerabilities

04Related CVE