6 matches found
CVE-2026-41374
OpenClaw before 2026.3.31 performs Discord audio preflight transcription before validating member authorization, allowing unauthenticated attackers to consume resources. Remote attackers can trigger audio preflight processing without member allowlist validation to cause resource exhaustion...
CVE-2026-41331
OpenClaw is affected in versions before 2026.3.31. The vulnerability is a resource consumption issue in Telegram audio preflight transcription that can be triggered by unauthorized group senders, due to insufficient allowlist enforcement before authorization checks. The impact is resource or bill...
EUVD-2026-24020
OpenClaw before 2026.3.31 contains a resource consumption vulnerability in Telegram audio preflight transcription that allows unauthorized group senders to trigger transcription processing. Attackers can exploit insufficient allowlist enforcement to cause resource or billing consumption by...
OpenClaw: Telegram audio preflight transcription enables resource consumption by unauthorized senders
Summary Telegram audio preflight transcription enables resource consumption by unauthorized senders Current Maintainer Triage - Status: narrow - Normalized severity: medium - Assessment: v2026.3.28 still lets unauthorized Telegram group senders trigger audio preflight before allowlist enforcement...
GHSA-HHFF-FJ5F-QG48 OpenClaw runs Discord audio preflight transcription before member authorization
Summary Discord audio preflight transcription before member authorization Current Maintainer Triage - Status: narrow - Normalized severity: medium - Assessment: v2026.3.28 still runs Discord audio preflight before member allowlist rejection, but this is the same pre-auth resource-consumption clas...
OpenClaw runs Discord audio preflight transcription before member authorization
Summary Discord audio preflight transcription before member authorization Current Maintainer Triage - Status: narrow - Normalized severity: medium - Assessment: v2026.3.28 still runs Discord audio preflight before member allowlist rejection, but this is the same pre-auth resource-consumption clas...