Lucene search
K

8 matches found

ATTACKERKB
ATTACKERKB
added 2026/03/05 9:59 p.m.3 views

CVE-2026-28465

OpenClaw's voice-call plugin versions before 2026.2.3 contain an improper authentication vulnerability in webhook verification that allows remote attackers to bypass verification by supplying untrusted forwarded headers. Attackers can spoof webhook events by manipulating Forwarded or X-Forwarded-...

8.2CVSS6AI score0.00374EPSS
Exploits0References4
OSV
OSV
added 2026/03/05 9:59 p.m.5 views

CVE-2026-28465 OpenClaw voice-call < 2026.2.3 - Webhook Verification Bypass via Forwarded Headers

OpenClaw's voice-call plugin versions before 2026.2.3 contain an improper authentication vulnerability in webhook verification that allows remote attackers to bypass verification by supplying untrusted forwarded headers. Attackers can spoof webhook events by manipulating Forwarded or X-Forwarded-...

8.2CVSS6AI score0.00374EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/03/05 9:59 p.m.29 views

CVE-2026-28465 OpenClaw voice-call < 2026.2.3 - Webhook Verification Bypass via Forwarded Headers

OpenClaw's voice-call plugin versions before 2026.2.3 contain an improper authentication vulnerability in webhook verification that allows remote attackers to bypass verification by supplying untrusted forwarded headers. Attackers can spoof webhook events by manipulating Forwarded or X-Forwarded-...

8.2CVSS0.00374EPSS
Exploits0References3
Snyk
Snyk
added 2026/03/02 10:39 p.m.3 views

Allocation of Resources Without Limits or Throttling

Overview @openclaw/voice-call is an OpenClaw voice-call plugin Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the media-stream WebSocket upgrades. An attacker can exhaust server resources by establishing multiple unauthenticated pre-sta...

8.7CVSS6AI score0.00426EPSS
Exploits0References2
Snyk
Snyk
added 2026/02/17 9:36 p.m.5 views

Improper Authentication

Overview @openclaw/voice-call is an OpenClaw voice-call plugin Affected versions of this package are vulnerable to Improper Authentication via the inbound policy check. An attacker can gain unauthorized access to the voice-call agent by placing calls with empty or manipulated caller IDs that bypa...

9.8CVSS5.7AI score0.00652EPSS
Exploits1References2
Snyk
Snyk
added 2026/02/17 9:34 p.m.4 views

Authentication Bypass Using an Alternate Path or Channel

Overview @openclaw/voice-call is an OpenClaw voice-call plugin Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel via the Telegram webhook endpoint when webhook mode is enabled without a configured secret. An attacker can impersonate...

9.8CVSS5.8AI score0.00255EPSS
Exploits0References2
OSV
OSV
added 2026/02/17 9:31 p.m.4 views

GHSA-3M3Q-X3GJ-F79X OpenClaw optional voice-call plugin: webhook verification may be bypassed behind certain proxy configurations

Affected Packages / Versions This issue affects the optional voice-call plugin only. It is not enabled by default; it only applies to installations where the plugin is installed and enabled. - Package: @openclaw/voice-call - Vulnerable versions: = 2026.2.3 Legacy package name if you are still usi...

8.2CVSS5.5AI score0.00374EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/02/17 9:31 p.m.10 views

OpenClaw optional voice-call plugin: webhook verification may be bypassed behind certain proxy configurations

Affected Packages / Versions This issue affects the optional voice-call plugin only. It is not enabled by default; it only applies to installations where the plugin is installed and enabled. - Package: @openclaw/voice-call - Vulnerable versions: = 2026.2.3 Legacy package name if you are still usi...

8.2CVSS5.5AI score0.00374EPSS
Exploits0References6Affected Software2
Rows per page
Query Builder