风间映川

**Name of the Vulnerable Software and Affected Versions** OpenClaw versions prior to 2026.4.2 **Description** An approval integrity issue exists in pnpm dlx that fails to bind local script operands consistently with pnpm exec flows. This allows attackers to replace approved local scripts before execution without invalidating the approval plan, leading to the execution of modified script contents. **Recommendations** Update to version 2026.4.2.

**Name of the Vulnerable Software and Affected Versions** OpenClaw versions prior to 2026.3.31 **Description** The voice-call component parses large WebSocket frames before start validation. Remote attackers can send oversized pre-start WebSocket frames to cause resource consumption and denial of service (DoS), which is a state where a system becomes unavailable to its intended users. **Recommendations** Update to version 2026.3.31 or later.