PT-2026-33873 · Telegram · Openclaw

Antaisecuritylab · Published 2026-04-03 · Updated 2026-04-21 · CVE-2026-41331

CVSS v3.1: 5.3 Medium
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.3.31

Description: An issue in Telegram audio preflight transcription allows unauthorized group senders to trigger transcription processing. This occurs due to insufficient allowlist enforcement, enabling attackers to initiate audio preflight operations before authorization checks are applied, which leads to resource or billing consumption.

Recommendations: Update to version 2026.3.31 or later.

Fix

Allocation of Resources Without Limits

Weakness Enumeration

Related Identifiers

CVE-2026-41331
GHSA-M6FX-M8HC-572M

Affected Products

Openclaw