8 matches found
CVE-2026-28446
OpenClaw versions prior to 2026.2.1 with the voice-call extension installed and enabled contain an authentication bypass vulnerability in inbound allowlist policy validation that accepts empty caller IDs and uses suffix-based matching instead of strict equality. Remote attackers can bypass inboun...
CVE-2026-28446
OpenClaw versions prior to 2026.2.1 with the voice-call extension installed and enabled contain an authentication bypass vulnerability in inbound allowlist policy validation that accepts empty caller IDs and uses suffix-based matching instead of strict equality. Remote attackers can bypass inboun...
CVE-2026-28446
OpenClaw versions prior to 2026.2.1 with the voice-call extension installed and enabled contain an authentication bypass vulnerability in inbound allowlist policy validation that accepts empty caller IDs and uses suffix-based matching instead of strict equality. Remote attackers can bypass inboun...
CVE-2026-28446 OpenClaw < 2026.2.1 - Inbound Allowlist Policy Bypass in voice-call Extension via Empty Caller ID and Suffix Matching
OpenClaw versions prior to 2026.2.1 with the voice-call extension installed and enabled contain an authentication bypass vulnerability in inbound allowlist policy validation that accepts empty caller IDs and uses suffix-based matching instead of strict equality. Remote attackers can bypass inboun...
CVE-2026-28446
OpenClaw versions prior to 2026.2.1 with the voice-call extension installed and enabled contain an authentication bypass vulnerability in inbound allowlist policy validation that accepts empty caller IDs and uses suffix-based matching instead of strict equality. Remote attackers can bypass inboun...
CVE-2026-28446 OpenClaw < 2026.2.1 - Inbound Allowlist Policy Bypass in voice-call Extension via Empty Caller ID and Suffix Matching
OpenClaw versions prior to 2026.2.1 with the voice-call extension installed and enabled contain an authentication bypass vulnerability in inbound allowlist policy validation that accepts empty caller IDs and uses suffix-based matching instead of strict equality. Remote attackers can bypass inboun...
CVE-2026-28446
CVE-2026-28446 affects OpenClaw versions prior to 2026.2.1 with the voice-call extension enabled. A authentication bypass in inbound allowlist policy validation accepts empty caller IDs and uses suffix-based matching instead of strict equality, allowing remote attackers to bypass inbound access c...
PT-2026-23525
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.2.2 Description An authentication bypass exists in the optional voice-call extension when inbound allowlist policy validation is used. The system accepts empty caller IDs and uses suffix-based matching instead o...