CVE-2026-28464
Received Received - Intake

Timing Side-Channel in OpenClaw Hook Token Validation Enables Token Disclosure

Vulnerability report for CVE-2026-28464, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-03-05

Last updated on: 2026-03-09

Assigner: VulnCheck

Description

OpenClaw versions prior to 2026.2.12 use non-constant-time string comparison for hook token validation, allowing attackers to infer tokens through timing measurements. Remote attackers with network access to the hooks endpoint can exploit timing side-channels across multiple requests to gradually determine the authentication token.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-03-05
Last Modified
2026-03-09
Generated
2026-07-06
AI Q&A
2026-03-06
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
openclaw openclaw to 2026.2.12 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-208 Two separate operations in a product require different amounts of time to complete, in a way that is observable to an actor and reveals security-relevant information about the state of the product, such as whether a particular operation was successful or not.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability exists in OpenClaw versions prior to 2026.2.12, where the software uses a non-constant-time string comparison method for validating hook tokens.

Because the comparison is not constant-time, attackers can measure the time it takes to compare tokens and use these timing differences as side-channels to gradually infer the correct authentication token.

Remote attackers with network access to the hooks endpoint can exploit this timing side-channel by sending multiple requests and analyzing the response times to determine the token.

Impact Analysis

An attacker exploiting this vulnerability can gradually discover the authentication token used by the hooks endpoint.

With the token, the attacker may gain unauthorized access to the hooks endpoint, potentially allowing them to execute unauthorized actions or access sensitive information.

This can lead to a compromise of system integrity and confidentiality, posing significant security risks.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

I don't know

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-28464. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart