PT-2026-37009 · Openclaw · Openclaw
G0Oduser · Published 2026-04-17 · Updated 2026-05-05
CVE-2026-42437
CVSS v4.0: 8.7 (High)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
OpenClaw version 2026.4.9
Description
A denial-of-service issue exists in the voice-call realtime WebSocket path. The system accepts oversized frames without proper validation, so a remote attacker can send such frames and cause service unavailability in deployments that expose the webhook path.
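The kind of check whose absence is described above, as an added example that is not OpenClaw's code or its actual fix: a Node.js function that reads only the RFC 6455 frame header and rejects an oversized declared length before any payload is buffered. `MAX_PAYLOAD`, `inspectFrameHeader`, `reject`, `header` and the sample headers are assumptions constructed for illustration.

```javascript
// Added example: header-only size check for RFC 6455 WebSocket frames.
// MAX_PAYLOAD is an assumed limit, not a value taken from OpenClaw.
const MAX_PAYLOAD = 64 * 1024;

function reject(closeCode, reason) {
  return { status: 'reject', closeCode, reason };
}

// Inspect only the frame header so the declared length can be rejected
// before any payload buffer is allocated or read.
function inspectFrameHeader(buf, maxPayload = MAX_PAYLOAD) {
  if (buf.length < 2) return { status: 'need-more' };
  const opcode = buf[0] & 0x0f;
  const masked = (buf[1] & 0x80) !== 0;
  let len = buf[1] & 0x7f;
  let offset = 2;
  if (len === 126) {
    if (buf.length < 4) return { status: 'need-more' };
    len = buf.readUInt16BE(2);
    offset = 4;
  } else if (len === 127) {
    if (buf.length < 10) return { status: 'need-more' };
    const big = buf.readBigUInt64BE(2);
    // Compare as BigInt: a 64-bit length can exceed Number.MAX_SAFE_INTEGER.
    if (big > BigInt(maxPayload)) return reject(1009, 'frame too large');
    len = Number(big);
    offset = 10;
  }
  // Client-to-server frames must be masked (RFC 6455 section 5.1).
  if (!masked) return reject(1002, 'unmasked client frame');
  // Control frames (close, ping, pong) carry at most 125 bytes.
  if (opcode >= 0x8 && len > 125) return reject(1002, 'oversized control frame');
  if (len > maxPayload) return reject(1009, 'frame too large');
  // headerLength includes the 4-byte masking key that follows the length.
  return { status: 'ok', opcode, payloadLength: len, headerLength: offset + 4 };
}

// Constructed sample headers: binary frame (0x82), length field, mask key.
function header(len7, ext = [], mask = true) {
  return Buffer.from([0x82, (mask ? 0x80 : 0) | len7, ...ext, 1, 2, 3, 4]);
}
const small = header(5);                             // declares 5 bytes
const medium = header(126, [0x40, 0x00]);            // declares 16 KiB
const huge = header(127, [0, 0, 0, 1, 0, 0, 0, 0]);  // declares 4 GiB
```

A per-frame cap does not bound a fragmented message, so a receiver also needs a cumulative limit across continuation frames.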
Recommendations
Update to version 2026.4.10 or newer.
Fix
Resource Exhaustion
Allocation of Resources Without Limits
Related Identifiers
Affected Products
Openclaw