Openclaw · Openclaw · CVE-2026-35626
Name of the Vulnerable Software and Affected Versions
OpenClaw versions prior to 2026.3.22
Description
OpenClaw contains an unauthenticated resource exhaustion issue in how it handles voice call webhooks. The system buffers request bodies before verifying the provider's signature, allowing attackers to send large or malicious requests to deplete server resources without authentication, effectively bypassing signature validation.
Recommendations
Update to version 2026.3.22 or later.