Lucene search
K

3 matches found

OSV
OSV
added 2026/03/05 9:59 p.m.4 views

CVE-2026-28446 OpenClaw < 2026.2.1 - Inbound Allowlist Policy Bypass in voice-call Extension via Empty Caller ID and Suffix Matching

OpenClaw versions prior to 2026.2.1 with the voice-call extension installed and enabled contain an authentication bypass vulnerability in inbound allowlist policy validation that accepts empty caller IDs and uses suffix-based matching instead of strict equality. Remote attackers can bypass inboun...

9.2CVSS6AI score0.00652EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/03/05 9:59 p.m.2 views

CVE-2026-28446 OpenClaw < 2026.2.1 - Inbound Allowlist Policy Bypass in voice-call Extension via Empty Caller ID and Suffix Matching

OpenClaw versions prior to 2026.2.1 with the voice-call extension installed and enabled contain an authentication bypass vulnerability in inbound allowlist policy validation that accepts empty caller IDs and uses suffix-based matching instead of strict equality. Remote attackers can bypass inboun...

9.4CVSS5.8AI score0.00652EPSS
Exploits1References3
Check Point Advisories
Check Point Advisories
added 2017/10/08 12:0 a.m.8 views

Digium Asterisk app_minivm Caller-ID Command Execution (CVE-2017-14100)

A command execution vulnerability exists in Digium Asterisk. The vulnerability is due to insufficient validation of Caller-IDs within SIP requests when the MinivmNotify dialplan function is used with an external notification program. A remote, authenticated attacker could exploit this vulnerabili...

7.5CVSS4.4AI score0.14907EPSS
Exploits0
Rows per page
Query Builder