← voltar
CVE-2026-41374

OpenClaw < 2026.3.31 - Resource Consumption via Discord Audio Preflight Before Member Authorization

CVSS 6.9 MEDIUMEPSS 0.5%CWE-408
OpenClaw before 2026.3.31 performs Discord audio preflight transcription before validating member authorization, allowing unauthenticated attackers to consume resources. Remote attackers can trigger audio preflight processing without member allowlist validation to cause resource exhaustion.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
Produtos afetados
OpenClaw · OpenClaw

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/openclaw/openclaw/commit/ee52f64226a03efadfdf1e3b759e13424a3d4e41https://github.com/openclaw/openclaw/security/advisories/GHSA-hhff-fj5f-qg48https://www.vulncheck.com/advisories/openclaw-resource-consumption-via-discord-audio-preflight-before-member-authorization