# CVE-2026-41343

> Vulnerability · severity: **MEDIUM** (CVSS 5.3).

## Description

OpenClaw before 2026.3.31 lacks a shared pre-auth concurrency budget on the public LINE webhook path, allowing attackers to cause transient availability loss. Remote attackers can flood the webhook endpoint with concurrent requests before signature verification to exhaust resources and degrade service availability.

## Key facts

- **CVE ID:** CVE-2026-41343
- **Published:** 2026-04-23
- **CVSS severity:** MEDIUM
- **CVSS base score:** 5.3
- **CWE codes:** CWE-799

## Affected products

- `openclaw:openclaw`

## Primary sources

- NIST NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-41343

## Citation

> AI Analytics. CVE-2026-41343. Retrieved 2026-07-12 from https://api.ai-analytics.org/cve/CVE-2026-41343. Derived from NIST NVD. Licensed CC0.

---

*[Dataset catalog](https://api.ai-analytics.org/datasets/) · [AI Analytics](https://api.ai-analytics.org/) · CC0 1.0*