


Perceptive Security
SOC/SIEM Consultancy

OpenClaw versions 2026.2.21-2 prior to 2026.2.22 and @openclaw/voice-call versions 2026.2.21 prior to 2026.2.22 accept media-stream WebSocket upgrades before str…
Published: 10 March 2026 at 23:00:00
Alert date: 11 March 2026 at 15:02:17
Source: nvd.nist.gov
Web Technologies
CVE-2026-32062 affects OpenClaw versions 2026.2.21-2 prior to 2026.2.22 and @openclaw/voice-call versions 2026.2.21 prior to 2026.2.22. The vulnerability allows unauthenticated clients to establish WebSocket connections for media-stream upgrades before proper stream validation occurs. Remote attackers can exploit this flaw to hold idle pre-authenticated sockets open, consuming connection resources and degrading service availability for legitimate users. This represents a denial of service vulnerability that can impact the availability of voice call services. The issue has been addressed in version 2026.2.22 with proper validation implemented before WebSocket upgrade acceptance.
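One generic way to bound the window in which an unvalidated socket can sit idle, shown as an added example (not OpenClaw's patch and not code from the advisory). The class name, method names and limits are assumptions chosen for illustration.

```javascript
// Added illustration, not OpenClaw's code. Names and limits are assumptions.
class PreValidationGate {
  constructor({ maxPending = 32, maxPerIp = 4, deadlineMs = 5000 } = {}) {
    this.maxPending = maxPending; // unvalidated sockets allowed in total
    this.maxPerIp = maxPerIp;     // unvalidated sockets allowed per remote address
    this.deadlineMs = deadlineMs; // time allowed to present a valid stream
    this.pending = new Map();     // socket -> { ip, timer }
  }

  countFor(ip) {
    let n = 0;
    for (const entry of this.pending.values()) if (entry.ip === ip) n++;
    return n;
  }

  // Call from the HTTP server's 'upgrade' handler, before the 101 response is
  // written, e.g. gate.admit(socket, req.socket.remoteAddress).
  admit(socket, ip) {
    if (this.pending.size >= this.maxPending) {
      return this.reject(socket, '503 Service Unavailable', 'pending-limit');
    }
    if (this.countFor(ip) >= this.maxPerIp) {
      return this.reject(socket, '429 Too Many Requests', 'per-ip-limit');
    }
    const timer = setTimeout(() => this.expire(socket), this.deadlineMs);
    if (timer.unref) timer.unref(); // the timer must not keep the process alive
    this.pending.set(socket, { ip, timer });
    socket.once('close', () => this.release(socket));
    return 'admitted';
  }

  reject(socket, status, reason) {
    socket.end(`HTTP/1.1 ${status}\r\nConnection: close\r\n\r\n`);
    return reason;
  }

  // Call once the stream has been validated; the socket stops counting as pending.
  markValidated(socket) { return this.release(socket); }

  // Deadline passed without validation: drop the idle socket.
  expire(socket) { if (this.release(socket)) socket.destroy(); }

  release(socket) {
    const entry = this.pending.get(socket);
    if (!entry) return false;
    clearTimeout(entry.timer);
    return this.pending.delete(socket);
  }
}
```

The per-address and global caps limit how many sockets can wait unvalidated, and the deadline ensures an idle one is closed instead of held indefinitely.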
Technical details
Affected products:
OpenClaw
@openclaw/voice-call
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2026-32062
https://github.com/openclaw/openclaw/commit/1d8968c8a821ff1a05c294a1846b3bcb6f343794
https://github.com/openclaw/openclaw/security/advisories/GHSA-mfg5-7q5g-f37j
https://www.vulncheck.com/advisories/openclaw-unauthenticated-websocket-resource-exhaustion-via-media-stream
This article was created with the assistance of AI technology by Perceptive.
