3 matches found
CVE-2026-28446 OpenClaw < 2026.2.1 - Inbound Allowlist Policy Bypass in voice-call Extension via Empty Caller ID and Suffix Matching
OpenClaw versions prior to 2026.2.1 with the voice-call extension installed and enabled contain an authentication bypass vulnerability in inbound allowlist policy validation that accepts empty caller IDs and uses suffix-based matching instead of strict equality. Remote attackers can bypass inboun...
CVE-2026-28446 OpenClaw < 2026.2.1 - Inbound Allowlist Policy Bypass in voice-call Extension via Empty Caller ID and Suffix Matching
OpenClaw versions prior to 2026.2.1 with the voice-call extension installed and enabled contain an authentication bypass vulnerability in inbound allowlist policy validation that accepts empty caller IDs and uses suffix-based matching instead of strict equality. Remote attackers can bypass inboun...
Digium Asterisk app_minivm Caller-ID Command Execution (CVE-2017-14100)
A command execution vulnerability exists in Digium Asterisk. The vulnerability is due to insufficient validation of Caller-IDs within SIP requests when the MinivmNotify dialplan function is used with an external notification program. A remote, authenticated attacker could exploit this vulnerabili...