PT-2026-35784 · Openclaw · Openclaw

风间映川

Published

2026-04-03

Updated

2026-04-30

CVE-2026-41400

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.31

Description The voice-call component parses large WebSocket frames before start validation. Remote attackers can send oversized pre-start WebSocket frames to cause resource consumption and denial of service (DoS), which is a state where a system becomes unavailable to its intended users.

Recommendations Update to version 2026.3.31 or later.

Fix

Allocation of Resources Without Limits

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-770CWE-400

Related Identifiers

CVE-2026-41400

GHSA-2W79-R9G8-WMCR

Affected Products

Openclaw

PT-2026-35784 · Openclaw · Openclaw

CVE-2026-41400

Weakness Enumeration

Related Identifiers

Affected Products

References · 9