GHSA-mf5g-6r6f-ghhm: OpenClaw: Synology Chat Webhook Pre-Auth Rate-Limit Bypass Enables Brute-Force Guessing of Webhook Token

March 29, 2026

Synology Chat Webhook Pre-Auth Rate-Limit Bypass Enables Brute-Force Guessing of Weak Webhook Token

References

github.com/advisories/GHSA-mf5g-6r6f-ghhm
github.com/openclaw/openclaw
github.com/openclaw/openclaw/commit/0b4d07337467f4d40a0cc1ced83d45ceaec0863c
github.com/openclaw/openclaw/security/advisories/GHSA-mf5g-6r6f-ghhm

Code Behaviors & Features

Detect and mitigate GHSA-mf5g-6r6f-ghhm with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →