A vulnerability in the openclaw npm package exposes Feishu webhook handlers to denial-of-service attacks. Versions up to 2026.3.24 parse incoming JSON request bodies before validating signatures, letting unauthenticated attackers force expensive parsing operations. Attackers send payloads that trigger high CPU or memory usage during JSON.parse(), crashing or slowing servers before the invalid signature rejects them. The fix lands in commit 5e8cb22176e9235e224be0bc530699261eb60e53, but as of verification, the latest published npm version remains vulnerable at 2026.3.24—no 2026.3.25 release yet.
Vulnerability Breakdown
OpenClaw handles Feishu (ByteDance’s enterprise collaboration platform, akin to Slack) webhooks in Node.js apps. Per the advisory, Feishu signs requests with an X-LC-Sig header carrying an HMAC-SHA256 over the raw body. The correct flow is: verify the signature over the raw bytes first, then parse the JSON only if it is valid. The old openclaw code flipped this: it read and parsed the body up front and validated the signature afterward. The result is that anyone can hit your endpoint with a 10MB JSON payload and Node’s parser chokes on it before the signature check ever fails.
Tests confirm: on tag v2026.3.24, an unsigned request carrying an oversized or deeply nested JSON body stalls the server or drives it to OOM before the 401 is ever sent (the XML “billion laughs” trick has no JSON equivalent, since JSON has no entity expansion; here the cost is raw size and nesting). Post-commit on the main branch, the handler buffers the raw body, computes the HMAC over the bytes, rejects early, and parses only legitimate payloads. Clean fix, no regressions reported.
This isn’t novel. Webhook libraries for Slack, Discord, and GitHub have repeated it historically. JSON parsing is a cheap lever for DoS: JSON.parse allocates an object graph several times the size of the input and, because Node’s event loop is single-threaded, a multi-megabyte or deeply nested body keeps it busy for the entire parse before any check runs. Feishu endpoints often sit public-facing in integrations (bots, CI/CD, notifications), which makes them prime DoS targets.
Why This Matters: Real-World Impact
If you use openclaw <= 2026.3.24 for Feishu webhooks, your server risks easy disruption. A script kiddie scans for /feishu/webhook paths (common), blasts payloads, and your app grinds. In production: lost alerts, stalled automations, scaled infra waste. Cost? A single attacker floods with 100 rps from a VPS—your Node event loop blocks on parse, dropping legit traffic.
Feishu serves millions in China-centric enterprises; integrations power sales CRMs, HR tools, custom bots. Downtime cascades: missed customer updates, failed workflows. To be fair, openclaw’s niche (under 1K weekly npm downloads pre-advisory) limits the blast radius, but if your org relies on it, you’re exposed. Maintainers patched main promptly, but npm lags—no auto-publish? Check the repo for releases; pin to the commit if urgent.
Broadly, audit your webhook handlers. A signature check over the raw body rejects unsigned junk before any parsing cost is paid. Node/Express example for Feishu, using the header and signature format described above (register this route before any global express.json(), otherwise the body is already parsed by the time it runs):
  const crypto = require('crypto');
  const express = require('express');
  const app = express();
  const secret = process.env.FEISHU_WEBHOOK_SECRET; // shared HMAC key from the app config

  // express.raw() leaves req.body as a Buffer: nothing is parsed before the check.
  app.post('/webhook', express.raw({ type: '*/*', limit: '1mb' }), (req, res) => {
    const sig = req.headers['x-lc-sig'];
    const rawBody = req.body; // the exact bytes Feishu signed
    const expected = `sha256=${crypto.createHmac('sha256', secret).update(rawBody).digest('base64')}`;
    // Constant-time compare; the length check comes first because timingSafeEqual throws on a mismatch.
    if (typeof sig !== 'string' || sig.length !== expected.length ||
        !crypto.timingSafeEqual(Buffer.from(sig), Buffer.from(expected))) {
      return res.status(401).end();
    }
    const data = JSON.parse(rawBody.toString('utf8')); // Only signed bodies reach the parser
    // Handle data
    res.status(200).end();
  });
Why does this keep happening? Devs cut corners for simplicity: parsing early feels ergonomic, since the handler gets a ready-made object. But security basics demand that authentication come before any work on untrusted input. Update if you use openclaw; fork or pin the commit otherwise. Watch npm for 2026.3.25. This advisory (medium severity, CVSS ~5.3) spotlights a pattern: small libraries, big pains if unpatched.
Bottom line: Patch now, validate raw. Exposes how webhook DoS preys on parser trust—fix flips attacker economics from free to futile.