CVE-2026-28475
Received Received - Intake
Timing Side-Channel in OpenClaw Hook Token Validation Enables Token Theft

Publication date: 2026-03-05

Last updated on: 2026-03-11

Assigner: VulnCheck

Description
OpenClaw versions prior to 2026.2.13 use non-constant-time string comparison for hook token validation, allowing attackers to infer tokens through timing measurements. Remote attackers with network access to the hooks endpoint can exploit timing side-channels across multiple requests to gradually recover the authentication token.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-05
Last Modified
2026-03-11
Generated
2026-06-16
AI Q&A
2026-03-06
EPSS Evaluated
2026-06-15
NVD
CVE-2026-28475
EUVD
EUVD-2026-9921
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
openclaw openclaw to 2026.2.13 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-208 Two separate operations in a product require different amounts of time to complete, in a way that is observable to an actor and reveals security-relevant information about the state of the product, such as whether a particular operation was successful or not.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in OpenClaw versions prior to 2026.2.13 where the software uses a non-constant-time string comparison method for validating hook tokens.

Because the comparison is not constant-time, attackers can measure the time it takes to validate tokens and use these timing differences as side-channels to gradually infer the correct authentication token.

Remote attackers with network access to the hooks endpoint can exploit this timing side-channel by sending multiple requests and analyzing the response times to recover the token.

Impact Analysis

An attacker who successfully exploits this vulnerability can recover authentication tokens used by OpenClaw's hooks endpoint.

With these tokens, the attacker may gain unauthorized access to the hooks functionality, potentially allowing them to execute unauthorized actions or access sensitive data.

This can lead to a compromise of system integrity, confidentiality, and availability depending on what the hooks endpoint controls.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

I don't know

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-28475. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart