Description
OpenClaw before 2026.3.31 contains a resource consumption vulnerability in Telegram audio preflight transcription that allows unauthorized group senders to trigger transcription processing. Attackers can exploit insufficient allowlist enforcement to cause resource or billing consumption by initiating audio preflight operations before authorization checks are applied.
Published: 2026-04-20
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Resource Exhaustion and Billing Abuse
Action: Apply Patch
AI Analysis

Impact

OpenClaw before 2026.3.31 allows unauthorized group senders to trigger audio preflight transcription before the sender allowlist is enforced, so any audio or voice message posted in a Telegram group the bot belongs to consumes transcription resources (and, where a paid speech-to-text service is used, budget), regardless of whether the sender is authorized. The weakness is classified as CWE-408, Incorrect Behavior Order: Early Amplification: the expensive operation (transcription) runs before the cheap authorization check that should gate it, so the cost of handling a request from a denied sender is as high as for an allowed one.

Affected Systems

The affected product is OpenClaw from OpenClaw. Versions older than 2026.3.31 are vulnerable, as identified by the vendor’s release notes.

Risk and Exploitability

The CVSS v4.0 base score of 6.9 (v3.1: 5.3) reflects an attack that is network-reachable, low-complexity, and requires neither privileges nor user interaction, with a low availability impact and no confidentiality or integrity impact. The EPSS score is below 1%, so the predicted probability of exploitation in the wild is low, and the vulnerability is not listed in the CISA KEV catalog. The likely attack path, inferred from the description, is simply posting a voice or audio message in a Telegram group where an OpenClaw bot is a member: the bot starts preflight transcription before checking the sender against the allowlist, so the attacker needs no allowlisted account, only membership in (or the ability to post to) the group.

Generated by OpenCVE AI on April 21, 2026 at 15:37 UTC.

Remediation

Fixed in OpenClaw 2026.3.31, the version boundary given in the description and in GHSA-m6fx-m8hc-572m. No separate workaround is published by the vendor.

OpenCVE Recommended Actions

  • Upgrade OpenClaw to version 2026.3.31 or later, the first release that enforces the group sender allowlist before audio preflight transcription runs.
  • Until the upgrade is applied, reduce exposure: limit the Telegram groups the bot is a member of to those you control, keep each group's sender allowlist tight, and make sure any transcription step in your own integrations runs only after the sender check succeeds.
  • Rate limit audio transcription per sender and per chat, cap the accepted audio duration, and monitor transcription call volume and spend so abusive bursts from a single group are detected and throttled before they exhaust resources or budget.
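The following is an added example, not OpenClaw's code, written to show the ordering bug described in the Impact section beside the corrected order recommended above. It models a Telegram update handler in Node.js (the platform named in the CPE) with a billing counter standing in for the paid speech-to-text call. The update shape is a simplified assumption based on the Bot API (message.chat.id, message.from.id, message.voice.{file_id,duration}), and the groupAllowlist config layout, the handler names and the rate limiter are hypothetical; the sample traffic is constructed.

```javascript
// Added example, not OpenClaw's code. Vulnerable vs. fixed ordering of the
// sender allowlist check relative to audio preflight transcription.

const SAMPLE_CONFIG = {
  // hypothetical layout: chat id -> user ids allowed to drive the bot there
  groupAllowlist: { '-1001': [42] },
  maxAudioSeconds: 120,
};

// Stand-in for a paid speech-to-text call: every invocation is billable.
class TranscriptionBilling {
  constructor() { this.calls = 0; this.seconds = 0; }
  transcribe(audio) {
    this.calls += 1;
    this.seconds += audio.duration;
    return `transcript of ${audio.file_id}`;
  }
}

function isAllowedSender(config, chatId, userId) {
  const allowed = config.groupAllowlist[String(chatId)];
  return Array.isArray(allowed) && allowed.includes(userId); // unknown group: deny
}

// Per-key sliding window limiter (at most `max` events per `windowMs`).
class SlidingWindowLimiter {
  constructor(max, windowMs) { this.max = max; this.windowMs = windowMs; this.events = new Map(); }
  allow(key, now) {
    const recent = (this.events.get(key) || []).filter((t) => now - t < this.windowMs);
    if (recent.length >= this.max) { this.events.set(key, recent); return false; }
    recent.push(now);
    this.events.set(key, recent);
    return true;
  }
}

// VULNERABLE ordering (CWE-408): the preflight transcription runs before
// authorization, so any group member makes the bot spend transcription budget.
function handleUpdateVulnerable(config, billing, limiter, update, now) {
  const msg = update.message;
  const audio = msg.voice || msg.audio;
  const transcript = audio ? billing.transcribe(audio) : null; // billed for everyone
  if (!isAllowedSender(config, msg.chat.id, msg.from.id)) {
    return { handled: false, reason: 'sender not allowlisted', transcript: null };
  }
  return { handled: true, reason: null, transcript };
}

// FIXED ordering: deny before any audio is fetched or transcribed, then cap
// duration and rate per sender so even allowlisted accounts cannot run up the bill.
function handleUpdateFixed(config, billing, limiter, update, now) {
  const msg = update.message;
  if (!isAllowedSender(config, msg.chat.id, msg.from.id)) {
    return { handled: false, reason: 'sender not allowlisted', transcript: null };
  }
  const audio = msg.voice || msg.audio;
  if (!audio) return { handled: true, reason: null, transcript: null };
  if (audio.duration > config.maxAudioSeconds) {
    return { handled: false, reason: 'audio too long', transcript: null };
  }
  if (!limiter.allow(`${msg.chat.id}:${msg.from.id}`, now)) {
    return { handled: false, reason: 'rate limited', transcript: null };
  }
  return { handled: true, reason: null, transcript: billing.transcribe(audio) };
}

// Constructed sample traffic: one allowlisted user (42) and one stranger (999)
// in the same supergroup; the stranger posts five 60-second voice notes.
function sampleUpdate(userId, duration) {
  return { message: { chat: { id: -1001, type: 'supergroup' }, from: { id: userId },
                      voice: { file_id: `voice-${userId}-${duration}`, duration } } };
}

function simulate(handler, updates) {
  const billing = new TranscriptionBilling();
  const limiter = new SlidingWindowLimiter(3, 60000); // 3 transcriptions per sender per minute
  let now = 0;
  const results = updates.map((u) => { now += 1000; return handler(SAMPLE_CONFIG, billing, limiter, u, now); });
  return { billing, results };
}

const STRANGER_BURST = [sampleUpdate(42, 10), ...Array.from({ length: 5 }, () => sampleUpdate(999, 60))];
const ALLOWED_BURST = Array.from({ length: 5 }, () => sampleUpdate(42, 10));

if (typeof require !== 'undefined' && require.main === module) {
  const before = simulate(handleUpdateVulnerable, STRANGER_BURST).billing;
  const after = simulate(handleUpdateFixed, STRANGER_BURST).billing;
  console.log(`vulnerable: ${before.calls} calls, ${before.seconds}s billed`);
  console.log(`fixed:      ${after.calls} calls, ${after.seconds}s billed`);
}
```

Run with `node` to see the two bills side by side: the vulnerable order pays for all six audio messages (310 seconds), the fixed order pays only for the allowlisted sender's single message, and an allowlisted sender who bursts five messages in a minute is throttled after the third.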

Generated by OpenCVE AI on April 21, 2026 at 15:37 UTC.


Advisories
Source: Github GHSA
ID: GHSA-m6fx-m8hc-572m
Title: OpenClaw: Telegram audio preflight transcription enables resource consumption by unauthorized senders
History

Wed, 22 Apr 2026 00:00:00 +0000

Type: Metrics
Values Added: ssvc
{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 20 Apr 2026 23:30:00 +0000

Values Added:
Description: OpenClaw before 2026.3.31 contains a resource consumption vulnerability in Telegram audio preflight transcription that allows unauthorized group senders to trigger transcription processing. Attackers can exploit insufficient allowlist enforcement to cause resource or billing consumption by initiating audio preflight operations before authorization checks are applied.
Title: OpenClaw < 2026.3.31 - Resource Consumption via Unauthorized Telegram Audio Preflight Transcription
First Time appeared: Openclaw (vendor), openclaw (product)
Weaknesses: CWE-408
CPEs: cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*
Vendors & Products: Openclaw (vendor), openclaw (product)
References:
Metrics: cvssV3_1
{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L'}
Metrics: cvssV4_0
{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-21T20:27:46.881Z

Reserved: 2026-04-20T14:03:06.199Z

Link: CVE-2026-41331

Vulnrichment

Updated: 2026-04-21T12:59:57.364Z

NVD

Status : Analyzed

Published: 2026-04-21T00:16:31.740

Modified: 2026-04-27T15:08:05.010

Link: CVE-2026-41331

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-21T15:37:55Z

Weaknesses