PT-2026-22431 · Npm · Openclaw

Publicado

2026-02-17

·

Atualizado

2026-02-17

CVSS v4.0

9.2

Crítica

VetorAV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Summary

An authentication bypass in the optional voice-call extension/plugin allowed unapproved or anonymous callers to reach the voice-call agent when inbound policy was set to allowlist or pairing.
Deployments that do not install/enable the voice-call extension are not affected.

Affected Packages / Versions

  • openclaw (npm): <= 2026.2.1
  • Fixed in: >= 2026.2.2

Details

In affected versions (for example 2026.2.1), the inbound allowlist check in extensions/voice-call/src/manager.ts used suffix-based matching and accepted empty caller IDs after normalization.
This allowed two bypasses:
  1. Missing/empty from values normalized to an empty string, which caused the allowlist predicate to evaluate as allowed.
  2. Suffix-based matching meant any caller number whose digits ended with an allowlisted number would be accepted.

Proof Of Concept

  1. Configure the voice-call extension with inboundPolicy: allowlist and allowFrom: ["+15550001234"].
  2. Place/trigger an inbound call with missing/empty caller ID (provider-dependent; for example anonymous/restricted caller). The call is accepted.
  3. Place a call from a number whose E.164 digits end with 15550001234 (for example +99915550001234). The call is accepted.

Impact

Only operators who install/enable the optional voice-call extension and use inboundPolicy=allowlist or pairing could have inbound access controls bypassed, potentially allowing unauthorized callers to reach auto-response and tool execution.

Fix

The fix hardens inbound policy handling:
  • Reject inbound calls when caller ID is missing.
  • Require strict equality when comparing normalized caller IDs against the allowlist (no suffix/prefix matching).
  • Add regression tests for missing caller ID, anonymous caller ID, and suffix-collision cases.
Fix commit(s):
  • f8dfd034f5d9235c5485f492a9e4ccc114e97fdb
Thanks @simecek for reporting.

Correção

Improper Authentication

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-287

Identificadores relacionados

GHSA-4RJ2-GPMH-QQ5X

Produtos afetados

Openclaw