PT-2026-32311 · Npm · Openclaw
Publicado
2026-04-03
·
Atualizado
2026-04-03
CVSS v3.1
5.3
Média
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
Summary
Discord audio preflight transcription before member authorization
Current Maintainer Triage
- Status: narrow
- Normalized severity: medium
- Assessment: v2026.3.28 still runs Discord audio preflight before member allowlist rejection, but this is the same pre-auth resource-consumption class and not the high-severity auth-bypass framing in the draft.
Affected Packages / Versions
- Package:
openclaw(npm) - Latest published npm version:
2026.3.31 - Vulnerable version range:
<=2026.3.28 - Patched versions:
>= 2026.3.31 - First stable tag containing the fix:
v2026.3.31
Fix Commit(s)
ee52f64226a03efadfdf1e3b759e13424a3d4e41— 2026-03-30T14:38:22+01:00
OpenClaw thanks @AntAISecurityLab for reporting.
Correção
Allocation of Resources Without Limits
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Openclaw