CVE-2026-41331

OpenClaw is affected in versions before 2026.3.31. The vulnerability is a resource consumption issue in Telegram audio preflight transcription that can be triggered by unauthorized group senders, due to insufficient allowlist enforcement before authorization checks. The impact is resource or bill...

CVE-2026-41331 OpenClaw < 2026.3.31 - Resource Consumption via Unauthorized Telegram Audio Preflight Transcription

OpenClaw before 2026.3.31 contains a resource consumption vulnerability in Telegram audio preflight transcription that allows unauthorized group senders to trigger transcription processing. Attackers can exploit insufficient allowlist enforcement to cause resource or billing consumption by...

EUVD-2026-24020

OpenClaw before 2026.3.31 contains a resource consumption vulnerability in Telegram audio preflight transcription that allows unauthorized group senders to trigger transcription processing. Attackers can exploit insufficient allowlist enforcement to cause resource or billing consumption by...

OpenClaw: Telegram audio preflight transcription enables resource consumption by unauthorized senders

Summary Telegram audio preflight transcription enables resource consumption by unauthorized senders Current Maintainer Triage - Status: narrow - Normalized severity: medium - Assessment: v2026.3.28 still lets unauthorized Telegram group senders trigger audio preflight before allowlist enforcement...