Improper Control of Interaction Frequency Affecting openclaw package, versions <2026.3.7-beta.1


Severity: medium (CVSS assessment by Snyk's Security Team)

  • Snyk ID: SNYK-JS-OPENCLAW-15443475
  • published: 10 Mar 2026
  • disclosed: 9 Mar 2026
  • credit: JN03

Introduced: 9 Mar 2026

CVE: not available
CWE: CWE-307, CWE-799

How to fix?

Upgrade openclaw to version 2026.3.7-beta.1 or higher.

Overview

openclaw is 🦞 OpenClaw, a personal AI assistant.

Affected versions of this package are vulnerable to Improper Control of Interaction Frequency via the hooks HTTP handler. An attacker can cause temporary lockout of legitimate webhook delivery by sending repeated non-POST requests with invalid tokens, thereby exhausting the authentication failure budget and triggering a lockout for the affected client key. This can result in a temporary loss of availability for hook-triggered automation or wake events, especially in environments where multiple clients share the same proxy or NAT configuration.
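The failure mode above, as an added illustration that is not OpenClaw's code: a per-client authentication failure budget keyed by source address (an assumption standing in for the real client key), a handler that validates the token before checking the method, so junk GETs with bad tokens burn the budget and lock out the legitimate POST from the same NAT address, and a hardened shape that rejects unsupported methods before authentication so they never count. The hardened ordering is one mitigation, not necessarily what the fixed release does; the request fields, thresholds and token are constructed.

```javascript
// Assumed shape of a per-client auth failure budget; not OpenClaw's implementation.
class AuthFailureBudget {
  constructor(maxFailures, lockoutMs) {
    this.maxFailures = maxFailures;
    this.lockoutMs = lockoutMs;
    this.state = new Map(); // clientKey -> { failures, lockedUntil }
  }
  isLocked(clientKey, now) {
    const s = this.state.get(clientKey);
    return !!s && s.lockedUntil > now;
  }
  recordFailure(clientKey, now) {
    const s = this.state.get(clientKey) || { failures: 0, lockedUntil: 0 };
    s.failures += 1;
    if (s.failures >= this.maxFailures) { // budget exhausted: lock the key
      s.lockedUntil = now + this.lockoutMs;
      s.failures = 0;
    }
    this.state.set(clientKey, s);
  }
}

const VALID_TOKEN = "constructed-hook-token"; // constructed sample secret
// Vulnerable shape: any request with a bad token, whatever its method, burns budget.
function handleHookNaive(req, budget, now) {
  const key = req.ip; // every host behind one NAT/proxy shares this key
  if (budget.isLocked(key, now)) return 429;
  if (req.token !== VALID_TOKEN) { budget.recordFailure(key, now); return 401; }
  if (req.method !== "POST") return 405;
  return 200;
}

// Hardened shape: unsupported methods are rejected before authentication, so they never count.
function handleHookHardened(req, budget, now) {
  const key = req.ip;
  if (req.method !== "POST") return 405;
  if (budget.isLocked(key, now)) return 429;
  if (req.token !== VALID_TOKEN) { budget.recordFailure(key, now); return 401; }
  return 200;
}

// Simulation: five junk GETs from the shared address, then a legitimate POST from that address.
function simulate(handler) {
  const budget = new AuthFailureBudget(5, 60_000);
  const codes = [];
  for (let i = 0; i < 5; i++) codes.push(handler({ ip: "10.0.0.1", method: "GET", token: "bad" }, budget, 1000 + i));
  codes.push(handler({ ip: "10.0.0.1", method: "POST", token: VALID_TOKEN }, budget, 1010));
  return codes;
}
```

Under the naive handler the legitimate POST gets 429 for the rest of the lockout window; under the hardened handler it gets 200 while the GETs are answered with 405.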
