


Perceptive Security
SOC/SIEM Consultancy

OpenClaw versions 2026.4.9 before 2026.4.10 contain a denial of service vulnerability in the voice-call realtime WebSocket path that accepts oversized frames wi…
Published:
4 May 2026 at 22:00:00
Alert date:
5 May 2026 at 20:13:49
Source:
nvd.nist.gov
Web Technologies
OpenClaw versions 2026.4.9 before 2026.4.10 contain a denial of service vulnerability in the voice-call realtime WebSocket path. The path accepts oversized WebSocket frames without proper validation, so a remote attacker who sends such frames can cause service unavailability. This affects deployments that expose the webhook path. The vulnerability has been patched in version 2026.4.10. Multiple security advisories and commit references are available for this issue.
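The kind of check the description says was missing, as an added example that is not OpenClaw's code or its patch: a server-side decision taken from the RFC 6455 frame header alone, before any payload is buffered. The 64 KiB cap and the names `parseFrameHeader`, `checkFrame` and `sampleHeader` are assumptions for illustration.

```javascript
// Added example (not OpenClaw code): decide from the RFC 6455 frame header
// alone whether to read a frame, before buffering any payload bytes.
const MAX_PAYLOAD = 64 * 1024; // assumed cap for illustration, not OpenClaw's value

// Returns null when the header is still incomplete.
function parseFrameHeader(buf) {
  if (buf.length < 2) return null;
  const opcode = buf[0] & 0x0f;
  const masked = (buf[1] & 0x80) !== 0;
  let payloadLen = BigInt(buf[1] & 0x7f);
  let headerLen = 2;
  if (payloadLen === 126n) {
    if (buf.length < 4) return null;
    payloadLen = BigInt(buf.readUInt16BE(2));
    headerLen = 4;
  } else if (payloadLen === 127n) {
    if (buf.length < 10) return null;
    payloadLen = buf.readBigUInt64BE(2); // may exceed Number.MAX_SAFE_INTEGER
    headerLen = 10;
  }
  if (masked) headerLen += 4; // masking key follows the length field
  return { opcode, masked, payloadLen, headerLen };
}

// Returns the action a server should take for the frame starting at buf[0].
function checkFrame(buf, maxPayload = MAX_PAYLOAD) {
  const hdr = parseFrameHeader(buf);
  if (hdr === null) return { action: "need_more" };
  // Control frames (close/ping/pong) are limited to 125 bytes by RFC 6455.
  if (hdr.opcode >= 0x8 && hdr.payloadLen > 125n) return { action: "close", code: 1002 };
  // Reject on the declared length, so nothing oversized is ever allocated.
  if (hdr.payloadLen > BigInt(maxPayload)) return { action: "close", code: 1009 };
  return { action: "read", bytes: hdr.headerLen + Number(hdr.payloadLen) };
}

// Constructed sample headers (binary frame, FIN set, client-masked).
function sampleHeader(declaredLen) {
  const key = Buffer.from([1, 2, 3, 4]);
  if (declaredLen < 126) return Buffer.concat([Buffer.from([0x82, 0x80 | declaredLen]), key]);
  if (declaredLen < 65536) {
    const h = Buffer.alloc(4); h[0] = 0x82; h[1] = 0x80 | 126; h.writeUInt16BE(declaredLen, 2);
    return Buffer.concat([h, key]);
  }
  const h = Buffer.alloc(10); h[0] = 0x82; h[1] = 0x80 | 127; h.writeBigUInt64BE(BigInt(declaredLen), 2);
  return Buffer.concat([h, key]);
}
```

A per-frame cap does not bound a fragmented message, so a cumulative limit across continuation frames is needed as well.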
Technical details
Mitigation steps:
Affected products:
OpenClaw
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2026-42437
https://github.com/openclaw/openclaw/commit/afadb7dae6738819ad9c7d2597ace0516957d20e
https://github.com/openclaw/openclaw/security/advisories/GHSA-vw3h-q6xq-jjm5
https://www.vulncheck.com/advisories/openclaw-denial-of-service-via-oversized-websocket-frames-in-voice-call-realtime-path
Related CVEs:
Related threat actors:
IOCs:
This article was created with the assistance of AI technology by Perceptive.
