A vulnerability marked as problematic has been reported in OpenClaw up to 2026.3.0 . Affected by this issue is some unknown functionality of the component Zalo Webhook Endpoint . This manipulation causes allocation of resources. The identification of this vulnerability is CVE-2026-28461 . It is possible to initiate the attack remotely. There is no exploit available. It is suggested to upgrade the affected component.