8.7
OpenClaw and @openclaw/voice-call allow unauthenticated access to resources
GHSA-mfg5-7q5g-f37j
Summary
Versions of OpenClaw and @openclaw/voice-call before 2026.2.22 have a security issue that allows unauthorized users to use up system resources, slowing down the service for others. This could cause problems for users who rely on the service. Update to the latest version to fix the issue.
What to do
- Update openclaw to version 2026.2.22.
- Update @openclaw/voice-call to version 2026.2.22.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| – | openclaw | <= 2026.2.22 | 2026.2.22 |
| openclaw | voice-call | <= 2026.2.22 | 2026.2.22 |
Original title
OpenClaw versions 2026.2.21-2 prior to 2026.2.22 and @openclaw/voice-call versions 2026.2.21 prior to 2026.2.22 accept media-stream WebSocket upgrades before stream validation, allowing unauthentica...
Original description
OpenClaw versions 2026.2.21-2 prior to 2026.2.22 and @openclaw/voice-call versions 2026.2.21 prior to 2026.2.22 accept media-stream WebSocket upgrades before stream validation, allowing unauthenticated clients to establish connections. Remote attackers can hold idle pre-authenticated sockets open to consume connection resources and degrade service availability for legitimate streams.
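A generic mitigation pattern for the weakness described above, as an added example; it is not OpenClaw's code or its fix. It bounds sockets that have upgraded but not yet passed stream validation. The class name, the path /voice/stream, the limits and the sample addresses are all hypothetical.

```javascript
// Added example: admission gate for WebSocket upgrades that are not yet validated.
// Hypothetical names and limits; wire it into an HTTP server's 'upgrade' handler.
class UpgradeGate {
  constructor({ path, maxPending, maxPendingPerIp, preAuthTimeoutMs }) {
    Object.assign(this, { path, maxPending, maxPendingPerIp, preAuthTimeoutMs });
    this.pending = new Map(); // socketId -> { ip, deadline }
  }

  countFor(ip) {
    let n = 0;
    for (const p of this.pending.values()) if (p.ip === ip) n++;
    return n;
  }

  // Decide BEFORE completing the handshake; on { ok: false } answer with the
  // HTTP status and destroy the socket instead of upgrading it.
  admit(socketId, ip, requestPath, now) {
    if (requestPath !== this.path) return { ok: false, status: 404 };
    if (this.pending.size >= this.maxPending) return { ok: false, status: 503 };
    if (this.countFor(ip) >= this.maxPendingPerIp) return { ok: false, status: 429 };
    this.pending.set(socketId, { ip, deadline: now + this.preAuthTimeoutMs });
    return { ok: true };
  }

  // Call when the stream is validated, or when the socket closes: frees the slot.
  settle(socketId) {
    return this.pending.delete(socketId);
  }

  // Call on a timer: returns ids left unvalidated past the deadline so the
  // caller can destroy those sockets.
  sweep(now) {
    const expired = [];
    for (const [id, p] of this.pending) {
      if (now >= p.deadline) { expired.push(id); this.pending.delete(id); }
    }
    return expired;
  }
}

// Constructed scenario: one address opens three sockets, one request hits a wrong path.
function demo() {
  const gate = new UpgradeGate({ path: '/voice/stream', maxPending: 3, maxPendingPerIp: 2, preAuthTimeoutMs: 5000 });
  const reqs = [['s1', '203.0.113.5', '/voice/stream', 0], ['s2', '203.0.113.5', '/voice/stream', 10],
                ['s3', '203.0.113.5', '/voice/stream', 20], ['s4', '198.51.100.7', '/other', 30]];
  const statuses = reqs.map((r) => { const d = gate.admit(...r); return d.ok ? 101 : d.status; });
  gate.settle('s1'); // s1 validated its stream; s2 stays idle
  return { statuses, expired: gate.sweep(6000), pending: gate.pending.size };
}
```

Timestamps are passed in as plain numbers so the limits can be exercised deterministically; in a server, pass Date.now() and run sweep from an interval timer.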
ghsa CVSS3.1
7.5
Vulnerability type
CWE-400
Uncontrolled Resource Consumption
CWE-770
Allocation of Resources Without Limits
- https://github.com/openclaw/openclaw/security/advisories/GHSA-mfg5-7q5g-f37j
- https://github.com/openclaw/openclaw/commit/1d8968c8a821ff1a05c294a1846b3bcb6f34...
- https://github.com/advisories/GHSA-mfg5-7q5g-f37j
- https://www.vulncheck.com/advisories/openclaw-unauthenticated-websocket-resource...
- https://nvd.nist.gov/vuln/detail/CVE-2026-32062
Published: 2 Mar 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026