Description
OpenClaw versions prior to 2026.2.1 with the voice-call extension installed and enabled contain an authentication bypass vulnerability in inbound allowlist policy validation that accepts empty caller IDs and uses suffix-based matching instead of strict equality. Remote attackers can bypass inbound access controls by placing calls with missing caller IDs or numbers ending with allowlisted digits to reach the voice-call agent and execute tools.
Published: 2026-03-05
Score: 9.2 Critical
EPSS: 1.3% Low
KEV: No
Impact: Authentication Bypass
Action: Immediate Patch
AI Analysis

Impact

OpenClaw versions prior to 2026.2.1 contain an inbound allowlist policy validation flaw that accepts empty caller IDs and uses suffix‑based matching instead of strict equality. This allows remote callers to bypass authentication checks and reach the voice‑call agent, potentially executing arbitrary tools and commands. The flaw represents an authentication bypass (CWE-303) that can lead to unauthorized control over the voice‑call functionality.

Affected Systems

Vendors: OpenClaw; Product: OpenClaw. Vulnerable editions include any release of OpenClaw prior to 2026.2.1 that has the voice‑call extension installed and enabled. Users of newer releases or deployments without the extension are not affected.

Risk and Exploitability

The CVSS v3 rating is 9.2, indicating critical severity. EPSS is reported as slightly less than 1%, implying low current exploitation likelihood but not zero risk. The vulnerability is not listed in the CISA KEV catalog, so large‑scale exploitation has not yet been confirmed. Attackers can exploit the flaw by initiating remote voice calls with intentionally missing caller IDs or numbers ending with allowlisted digits; no additional privileges or local compromise are required.

Generated by OpenCVE AI on April 16, 2026 at 04:38 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to OpenClaw version 2026.2.1 or later to apply the vendor fix that enforces strict equality and rejects empty caller IDs
  • If upgrading is not immediately possible, disable the voice‑call extension until a patch can be applied
  • Configure inbound allowlist checks to require non‑empty caller IDs and enforce exact match, and monitor call logs for anomalous patterns or repeated empty caller ID attempts (this is a temporary workaround pending an official patch)

Generated by OpenCVE AI on April 16, 2026 at 04:38 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-4rj2-gpmh-qq5x OpenClaw has an inbound allowlist policy bypass in voice-call extension (empty caller ID + suffix matching)
History

Wed, 11 Mar 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 11 Mar 2026 14:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-303

Tue, 10 Mar 2026 20:15:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo

Fri, 06 Mar 2026 17:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-303

Fri, 06 Mar 2026 16:45:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

 cvssV3_1

{'score': 9.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L'}

Thu, 05 Mar 2026 22:15:00 +0000

Type Values Removed Values Added
Description OpenClaw versions prior to 2026.2.1 with the voice-call extension installed and enabled contain an authentication bypass vulnerability in inbound allowlist policy validation that accepts empty caller IDs and uses suffix-based matching instead of strict equality. Remote attackers can bypass inbound access controls by placing calls with missing caller IDs or numbers ending with allowlisted digits to reach the voice-call agent and execute tools.
Title OpenClaw < 2026.2.1 - Inbound Allowlist Policy Bypass in voice-call Extension via Empty Caller ID and Suffix Matching
First Time appeared Openclaw
Openclaw openclaw
Weaknesses CWE-303
CPEs cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*
Vendors & Products Openclaw
Openclaw openclaw
References
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 9.2, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N'}

Subscriptions

Openclaw Openclaw
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-11T13:41:17.757Z

Reserved: 2026-02-27T19:16:27.436Z

Link: CVE-2026-28446

cve-icon Vulnrichment

Updated: 2026-03-11T13:41:10.449Z

cve-icon NVD

Status : Modified

Published: 2026-03-05T22:16:16.390

Modified: 2026-03-11T14:16:26.753

Link: CVE-2026-28446

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-16T04:45:16Z

Weaknesses