5 matches found
OpenClaw security vulnerability
OpenClaw is an open-source artificial intelligence assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.31 contained security vulnerabilities. These vulnerabilities were due to incomplete fixes to CVE-2026-32062, which could allow remote attackers to send excessively large pre-boo...
OpenClaw: Voice-call still parses large WebSocket frames before start validation (Incomplete fix for CVE-2026-32062)
Summary Incomplete fix for CVE-2026-32062: voice-call still parses large WebSocket frames before start validation Current Maintainer Triage - Normalized severity: medium - Assessment: v2026.3.28 still parses oversized pre-start voice-call WebSocket frames before start validation, and the unreleas...
CVE-2026-32062
creationtimestamp| type| source
---|---|---
2026-03-23 02:38:05+00:00| seen| https://bsky.app/profile/secqube.com/post/3mhozqctgon2p
2026-03-23 10:34:05+00:00| seen| https://bsky.app/profile/secqube.com/post/3mhpudiqm7l2z
2026-03-26 14:20:09+00:00| seen|...
CVE-2026-32062
OpenClaw versions 2026.2.21-2 up to, but not including, 2026.2.22, and @openclaw/voice-call versions 2026.2.21 up to, but not including, 2026.2.22 accept media-stream WebSocket upgrades before stream validation, allowing unauthenticated clients to establish connections. Remote attackers can hold...
vantuz (>=3.3.2 <=3.3.7) potentially affected by CVE-2026-32062 via openclaw (=0.0.1)
openclaw NPM version =0.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on openclaw and may be impacted: - vantuz =3.3.2, =3.3.7 Source cves: CVE-2026-32062 Source advisory: OSV:GHSA-MFG5-7Q5G-F37J...