OpenClaw and @openclaw/voice-call allow unauthorized access to resources

CVE-2026-32062
Summary

OpenClaw versions 2026.2.21-2 and earlier, and the @openclaw/voice-call library versions 2026.2.21 and earlier, accept media-stream WebSocket connections from unauthenticated clients before the stream is validated. An attacker can hold these idle connections open to use up connection resources, which degrades or blocks legitimate users' access to streams. To fix this, update to the latest version of OpenClaw and @openclaw/voice-call.

Original title
OpenClaw versions 2026.2.21-2 prior to 2026.2.22 and @openclaw/voice-call versions 2026.2.21 prior to 2026.2.22 accept media-stream WebSocket upgrades before stream validation, allowing unauthentica...
Original description
OpenClaw versions 2026.2.21-2 prior to 2026.2.22 and @openclaw/voice-call versions 2026.2.21 prior to 2026.2.22 accept media-stream WebSocket upgrades before stream validation, allowing unauthenticated clients to establish connections. Remote attackers can hold idle pre-authenticated sockets open to consume connection resources and degrade service availability for legitimate streams.
NVD CVSS 3.1: 7.5
NVD CVSS 4.0: 8.7
Vulnerability type
CWE-770 Allocation of Resources Without Limits
Published: 11 Mar 2026 · Updated: 13 Mar 2026 · First seen: 11 Mar 2026
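
One way to close the gap the description names, as an added example that is not OpenClaw's code or its actual patch: validate the stream on the HTTP `upgrade` event before any WebSocket handshake, cap the sockets still waiting to start a stream, and time out idle ones. The `/voice/stream` path, the `token` query parameter, both limits and the `isKnownStream` callback are assumptions.

```javascript
// Added example: gate media-stream WebSocket upgrades before the handshake.
// Assumed (not from OpenClaw): the path, the ?token= parameter, both limits,
// and the isKnownStream(token) lookup supplied by the caller.
const MAX_PENDING = 32;          // sockets upgraded but not yet streaming
const START_TIMEOUT_MS = 5000;   // how long an accepted socket may stay idle
const REASON = { 400: 'Bad Request', 401: 'Unauthorized',
                 404: 'Not Found', 503: 'Service Unavailable' };

// Returns 0 to allow the upgrade, otherwise the HTTP status to reject with.
function checkUpgrade(req, pendingCount, isKnownStream) {
  let url;
  try {
    url = new URL(req.url, 'http://localhost');
  } catch {
    return 400;
  }
  if (url.pathname !== '/voice/stream') return 404;
  const token = url.searchParams.get('token');
  if (!token || !isKnownStream(token)) return 401;  // validate before upgrading
  if (pendingCount >= MAX_PENDING) return 503;      // bound pre-stream sockets
  return 0;
}

// Wires the check into a Node http.Server. onAccepted(req, socket, head, started)
// hands the socket to the WebSocket library and calls started() once the
// stream's first valid message arrives.
function attachGate(server, isKnownStream, onAccepted) {
  const pending = new Set();
  server.on('upgrade', (req, socket, head) => {
    const status = checkUpgrade(req, pending.size, isKnownStream);
    if (status !== 0) {
      socket.end(`HTTP/1.1 ${status} ${REASON[status]}\r\nConnection: close\r\n\r\n`);
      return;
    }
    pending.add(socket);
    const timer = setTimeout(() => socket.destroy(), START_TIMEOUT_MS);
    const started = () => { clearTimeout(timer); pending.delete(socket); };
    socket.once('close', started);
    onAccepted(req, socket, head, started);
  });
  return pending;
}
```

The returned `pending` set is the number to export as a metric: a count that sits at `MAX_PENDING` while 503 rejections rise is the signature of idle-socket exhaustion.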