CVE-2026-28475 — OpenClaw versions prior to 2026.2.13 use non-constant-time string comparison for hook token validation, allowing attackers to infer tokens through timing measurements. Remote attackers with network ac — CVE Database · The Intelligence Room