CVE-2026-28464
Received Received - Intake
Timing Side-Channel in OpenClaw Hook Token Validation Enables Token Disclosure

Publication date: 2026-03-05

Last updated on: 2026-03-09

Assigner: VulnCheck

Description
OpenClaw versions prior to 2026.2.12 use non-constant-time string comparison for hook token validation, allowing attackers to infer tokens through timing measurements. Remote attackers with network access to the hooks endpoint can exploit timing side-channels across multiple requests to gradually determine the authentication token.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-05
Last Modified
2026-03-09
Generated
2026-06-16
AI Q&A
2026-03-06
EPSS Evaluated
2026-06-15
NVD
CVE-2026-28464
EUVD
EUVD-2026-9910
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
openclaw openclaw to 2026.2.12 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-208 Two separate operations in a product require different amounts of time to complete, in a way that is observable to an actor and reveals security-relevant information about the state of the product, such as whether a particular operation was successful or not.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in OpenClaw versions prior to 2026.2.12, where the software uses a non-constant-time string comparison method for validating hook tokens.

Because the comparison is not constant-time, attackers can measure the time it takes to compare tokens and use these timing differences as side-channels to gradually infer the correct authentication token.

Remote attackers with network access to the hooks endpoint can exploit this timing side-channel by sending multiple requests and analyzing the response times to determine the token.

Impact Analysis

An attacker exploiting this vulnerability can gradually discover the authentication token used by the hooks endpoint.

With the token, the attacker may gain unauthorized access to the hooks endpoint, potentially allowing them to execute unauthorized actions or access sensitive information.

This can lead to a compromise of system integrity and confidentiality, posing significant security risks.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

I don't know

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-28464. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart