Feynman-Hou

Rank: #18935 of 53,635
Total CVSS: 14.2
Vulnerabilities: 2 (Medium: 1, High: 1)
PT-2026-38557
8.2
2026-05-07
Pjsip · Pjsip · CVE-2026-42225
**Name of the Vulnerable Software and Affected Versions**

PJSIP versions prior to 2.17

**Description**

In GnuTLS builds, the SIP TLS transport (sip_transport_tls) may accept connections with invalid or untrusted certificates. This occurs even when the application explicitly enables certificate verification through the `verify_server` or `verify_client` variables set to `PJ_TRUE`.

**Recommendations**

Update to version 2.17.
PT-2026-39694
6.0
2026-05-05
Openclaw · Openclaw · CVE-2026-45005
**Name of the Vulnerable Software and Affected Versions**

OpenClaw versions prior to 2026.4.23

**Description**

The software caches resolved webhook route secrets backed by `SecretRef` values. This behavior allows stale secrets to remain valid even after they have been rotated and reloaded. Consequently, an attacker possessing previously valid webhook route secrets can continue to authenticate requests and invoke configured webhook task flows until the gateway or plugin is restarted.

**Recommendations**

Update to version 2026.4.23 or later. As a temporary workaround, restart the gateway or plugin to clear the cached secrets.