← back
CVE-2026-41374

OpenClaw < 2026.3.31 - Resource Consumption via Discord Audio Preflight Before Member Authorization

CVSS 6.9 MEDIUMEPSS 0.5%CWE-408
OpenClaw before 2026.3.31 performs Discord audio preflight transcription before validating member authorization, allowing unauthenticated attackers to consume resources. Remote attackers can trigger audio preflight processing without member allowlist validation to cause resource exhaustion.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
Affected products
OpenClaw · OpenClaw

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/openclaw/openclaw/commit/ee52f64226a03efadfdf1e3b759e13424a3d4e41https://github.com/openclaw/openclaw/security/advisories/GHSA-hhff-fj5f-qg48https://www.vulncheck.com/advisories/openclaw-resource-consumption-via-discord-audio-preflight-before-member-authorization