EUVD-2026-26088

OpenClaw before 2026.3.28 contains a privilege escalation vulnerability allowing authenticated operators with write permissions to access admin-class Talk Voice configuration persistence. Attackers with operator.write privileges can exploit the chat.send endpoint to reach and modify sensitive voi...

CVE-2026-41379

OpenClaw is affected as OpenClaw < 2026.3.28. The flaw allows authenticated operators with write permissions to use the chat.send endpoint to reach and modify admin-class Talk Voice configuration settings intended for administrators only. Affected versions are = 2026.3.28 and apply any additio...

Improper Handling of Insufficient Permissions or Privileges

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Improper Handling of Insufficient Permissions or Privileges via the operator.write module reaching admin-class Talk Voice configuration persistence through chat.send. An attacker can gain...

CVE-2025-38099

CVE-2025-38099 : In the Linux kernel, a SCO Bluetooth connection could lock up the controller if voice settings are not properly read or supported. SUSE/OpenSUSE advisories (e.g., openSUSE-SU-2025-20081-1) list CVE-2025-38099 among fixed kernel vulnerabilities with MEDIUM/LOW to HIGH impact range...