CVE-2026-28464
Timing Side-Channel in OpenClaw Hook Token Validation Enables Token Disclosure
Publication date: 2026-03-05
Last updated on: 2026-03-09
Assigner: VulnCheck
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| openclaw | openclaw | before 2026.2.12 (2026.2.12 itself not affected) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-208 (Observable Timing Discrepancy) | Two separate operations in a product require different amounts of time to complete, in a way that is observable to an actor and reveals security-relevant information about the state of the product, such as whether a particular operation was successful or not. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in OpenClaw versions prior to 2026.2.12, where the software uses a non-constant-time string comparison method for validating hook tokens.
Because the comparison is not constant-time, it returns as soon as the first mismatching character is found, so the time it takes depends on how many leading characters of the submitted token are correct. An attacker can measure these timing differences and use them as a side channel to infer the correct token one position at a time.
Remote attackers with network access to the hooks endpoint can exploit this by sending many requests and statistically analysing the response times to recover the token.
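To make the CWE-208 mechanism concrete, the following is an added Python example (not OpenClaw's code) that contrasts an early-exit string comparison with a constant-time check; the token value and the `X-Hook-Token` header name are constructed for the example.

```python
import hashlib
import hmac

# Constructed sample secret for this demo; a real deployment loads the hook
# token from configuration rather than hard-coding it.
EXPECTED_HOOK_TOKEN = "hk_constructed_example_token_0123456789"


def naive_token_check(presented: str, expected: str) -> tuple[bool, int]:
    """Early-exit comparison of the kind CWE-208 describes.

    Returns (match, bytes_inspected). The loop stops at the first differing
    byte, so the work done, and therefore the response time, grows with the
    length of the correct prefix of `presented`. That dependency is the
    timing side channel an observer can measure.
    """
    a, b = presented.encode(), expected.encode()
    if len(a) != len(b):
        return False, 0
    inspected = 0
    for x, y in zip(a, b):
        inspected += 1
        if x != y:
            return False, inspected
    return True, inspected


def constant_time_token_check(presented: str, expected: str) -> bool:
    """Hardened check: compare fixed-length digests with hmac.compare_digest.

    Hashing both sides first removes the length dependence (compare_digest
    only guarantees constant time for equal-length inputs), and compare_digest
    examines every byte no matter where a mismatch occurs.
    """
    a = hashlib.sha256(presented.encode()).digest()
    b = hashlib.sha256(expected.encode()).digest()
    return hmac.compare_digest(a, b)


def authorize_hook_request(headers: dict) -> bool:
    """Authorize a hook call from its headers using the constant-time check.

    The X-Hook-Token header name is an assumption for this example, not
    OpenClaw's own.
    """
    presented = headers.get("X-Hook-Token", "")
    return constant_time_token_check(presented, EXPECTED_HOOK_TOKEN)
```

The `bytes_inspected` counter in the naive version is what a timing measurement reveals indirectly; a detection-minded reviewer would flag any `==` on a secret in request handling and replace it with the digest comparison above.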
How can this vulnerability impact me?
An attacker exploiting this vulnerability can gradually discover the authentication token used by the hooks endpoint.
With the token, the attacker may gain unauthorized access to the hooks endpoint, potentially allowing them to execute unauthorized actions or access sensitive information.
This can lead to a compromise of system integrity and confidentiality, posing significant security risks.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know