Lucene search
K

9 matches found

RedhatCVE
RedhatCVE
added 2026/03/07 1:44 a.m.5 views

CVE-2026-28446

OpenClaw versions prior to 2026.2.1 with the voice-call extension installed and enabled contain an authentication bypass vulnerability in inbound allowlist policy validation that accepts empty caller IDs and uses suffix-based matching instead of strict equality. Remote attackers can bypass inboun...

9.8CVSS5.8AI score0.00652EPSS
Exploits1References1
NVD
NVD
added 2026/03/05 10:16 p.m.7 views

CVE-2026-28446

OpenClaw versions prior to 2026.2.1 with the voice-call extension installed and enabled contain an authentication bypass vulnerability in inbound allowlist policy validation that accepts empty caller IDs and uses suffix-based matching instead of strict equality. Remote attackers can bypass inboun...

9.8CVSS0.00652EPSS
Exploits1References3
EUVD
EUVD
added 2026/03/05 9:59 p.m.7 views

EUVD-2026-9896

OpenClaw versions prior to 2026.2.1 with the voice-call extension installed and enabled contain an authentication bypass vulnerability in inbound allowlist policy validation that accepts empty caller IDs and uses suffix-based matching instead of strict equality. Remote attackers can bypass inboun...

9.8CVSS6AI score0.00652EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/03/05 9:59 p.m.2 views

CVE-2026-28446 OpenClaw < 2026.2.1 - Inbound Allowlist Policy Bypass in voice-call Extension via Empty Caller ID and Suffix Matching

OpenClaw versions prior to 2026.2.1 with the voice-call extension installed and enabled contain an authentication bypass vulnerability in inbound allowlist policy validation that accepts empty caller IDs and uses suffix-based matching instead of strict equality. Remote attackers can bypass inboun...

9.4CVSS5.8AI score0.00652EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/03/05 9:59 p.m.4 views

CVE-2026-28446

OpenClaw versions prior to 2026.2.1 with the voice-call extension installed and enabled contain an authentication bypass vulnerability in inbound allowlist policy validation that accepts empty caller IDs and uses suffix-based matching instead of strict equality. Remote attackers can bypass inboun...

9.8CVSS6AI score0.00652EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/03/05 9:59 p.m.34 views

CVE-2026-28446 OpenClaw < 2026.2.1 - Inbound Allowlist Policy Bypass in voice-call Extension via Empty Caller ID and Suffix Matching

OpenClaw versions prior to 2026.2.1 with the voice-call extension installed and enabled contain an authentication bypass vulnerability in inbound allowlist policy validation that accepts empty caller IDs and uses suffix-based matching instead of strict equality. Remote attackers can bypass inboun...

9.4CVSS0.00652EPSS
Exploits1References3
CVE
CVE
added 2026/03/05 9:59 p.m.16 views

CVE-2026-28446

CVE-2026-28446 affects OpenClaw versions prior to 2026.2.1 with the voice-call extension enabled. A authentication bypass in inbound allowlist policy validation accepts empty caller IDs and uses suffix-based matching instead of strict equality, allowing remote attackers to bypass inbound access c...

9.8CVSS6AI score0.00652EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2026/02/17 9:36 p.m.3 views

GHSA-4RJ2-GPMH-QQ5X OpenClaw has an inbound allowlist policy bypass in voice-call extension (empty caller ID + suffix matching)

Summary An authentication bypass in the optional voice-call extension/plugin allowed unapproved or anonymous callers to reach the voice-call agent when inbound policy was set to allowlist or pairing. Deployments that do not install/enable the voice-call extension are not affected. Affected Packag...

9.4CVSS5.7AI score0.00652EPSS
Exploits1References6
Github Security Blog
Github Security Blog
added 2026/02/17 9:36 p.m.9 views

OpenClaw has an inbound allowlist policy bypass in voice-call extension (empty caller ID + suffix matching)

Summary An authentication bypass in the optional voice-call extension/plugin allowed unapproved or anonymous callers to reach the voice-call agent when inbound policy was set to allowlist or pairing. Deployments that do not install/enable the voice-call extension are not affected. Affected Packag...

9.8CVSS5.6AI score0.00652EPSS
Exploits1References6Affected Software1
Rows per page
Query Builder