4 matches found
CVE-2026-35626
OpenClaw before 2026.3.22 contains an unauthenticated resource exhaustion vulnerability in voice call webhook handling that buffers request bodies before provider signature checks. Attackers can send large or malicious webhook requests to exhaust server resources without authentication by bypassi...
CVE-2026-35626 OpenClaw < 2026.3.22 - Unauthenticated Resource Exhaustion via Voice Call Webhook
OpenClaw before 2026.3.22 contains an unauthenticated resource exhaustion vulnerability in voice call webhook handling that buffers request bodies before provider signature checks. Attackers can send large or malicious webhook requests to exhaust server resources without authentication by bypassi...
OpenClaw is vulnerable to unauthenticated resource exhaustion through its voice call webhook handling
Summary Voice Call webhook handling buffered request bodies before provider signature checks, enabling bounded unauthenticated resource exhaustion. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.3.22 - Latest released tag checked: v2026.3.23-2...
Replay Attack
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Replay Attack via the voice-call webhook process. An attacker can cause replayed webhook events to be accepted as new by modifying the i-twilio-idempotency-token header in a signed reques...