Description
OpenClaw before 2026.3.31 performs Discord audio preflight transcription before validating member authorization, allowing unauthenticated attackers to consume resources. Remote attackers can trigger audio preflight processing without member allowlist validation to cause resource exhaustion.
Published: 2026-04-28
Score: 6.9 Medium
EPSS: n/a
KEV: No
Impact: Resource Consumption (Denial of Service)
Action: Patch Now
AI Analysis

Impact

OpenClaw versions prior to 2026.3.31 perform Discord audio preflight transcription before checking whether a member is authorized, allowing an unauthenticated remote attacker to trigger this costly processing. The weakness is identified as CWE-408 and carries a CVSS score of 6.9, indicating a moderate severity vulnerability that can lead to resource exhaustion and disruption of service availability.
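The following is an added illustration of the ordering problem the advisory describes, written for this page and not taken from OpenClaw's code base; the handler names, the clip and member shapes, the size limit and the sample traffic are all assumed. It contrasts a handler that transcribes before consulting the member allowlist with one that authorizes and bounds the input first, and counts how many transcriptions each ordering actually performs.

```javascript
// Added illustration (not OpenClaw's code): why the order of the member allowlist
// check and the audio preflight matters. All names and shapes here are assumed.
const transcriptionRuns = [];            // ids of clips that reached the costly step

// Stand-in for the expensive speech-to-text preflight.
function transcribeAudio(clip) {
  transcriptionRuns.push(clip.id);
  return { text: "<transcript of " + clip.id + ">" };
}

function isMemberAllowed(member, allowlist) {
  return allowlist.has(member.id);
}

// Vulnerable ordering, as described in the advisory: every sender, allowed or
// not, gets the preflight run on their clip before authorization is consulted.
function handleVoiceClipVulnerable(member, clip, allowlist) {
  const preflight = transcribeAudio(clip);
  if (!isMemberAllowed(member, allowlist)) return { status: "rejected" };
  return { status: "accepted", transcript: preflight.text };
}

// Hardened ordering: authorize first, and bound the clip size before any
// transcription so an allowed member cannot submit arbitrarily large input.
const MAX_CLIP_BYTES = 8 * 1024 * 1024;   // assumed limit for this example
function handleVoiceClipHardened(member, clip, allowlist) {
  if (!isMemberAllowed(member, allowlist)) return { status: "rejected" };
  if (clip.sizeBytes > MAX_CLIP_BYTES) return { status: "rejected" };
  const preflight = transcribeAudio(clip);
  return { status: "accepted", transcript: preflight.text };
}

// Runs a batch through a handler and reports how many transcriptions actually ran.
function simulate(handler, batch, allowlist) {
  transcriptionRuns.length = 0;
  const outcomes = batch.map(({ member, clip }) => handler(member, clip, allowlist).status);
  return { transcriptions: transcriptionRuns.length, outcomes };
}

// Constructed sample traffic: three unknown senders, one allowed member, and
// one oversized clip from the allowed member.
const ALLOWLIST = new Set(["member-allowed"]);
const SAMPLE_BATCH = [
  { member: { id: "stranger-1" }, clip: { id: "c1", sizeBytes: 64 * 1024 } },
  { member: { id: "stranger-2" }, clip: { id: "c2", sizeBytes: 64 * 1024 } },
  { member: { id: "stranger-3" }, clip: { id: "c3", sizeBytes: 64 * 1024 } },
  { member: { id: "member-allowed" }, clip: { id: "c4", sizeBytes: 64 * 1024 } },
  { member: { id: "member-allowed" }, clip: { id: "c5", sizeBytes: 9 * 1024 * 1024 } },
];
for (const h of [handleVoiceClipVulnerable, handleVoiceClipHardened]) console.log(h.name, simulate(h, SAMPLE_BATCH, ALLOWLIST));
```

With the sample batch the vulnerable ordering transcribes all five clips although only one sender is allowed, while the hardened ordering transcribes a single clip; the transcription count is the signal worth alerting on, as the recommended actions below suggest.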

Affected Systems

The vulnerability affects the OpenClaw product from the vendor OpenClaw. All releases before 2026.3.31 are impacted, as indicated by the advisory and the commit in the upstream repository.

Risk and Exploitability

The flaw can be exploited by any remote host that can reach the OpenClaw instance because no authentication is required before the audio preflight is initiated. EPSS data is not available, so the exact exploitation probability is unknown, yet the lack of authentication makes the attack surface broad. The vulnerability is not yet listed in the CISA KEV catalog. Given its moderate CVSS score of 6.9, the risk is considered significant, especially in environments where OpenClaw is exposed to the public internet.

Generated by OpenCVE AI on April 28, 2026 at 23:09 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to OpenClaw 2026.3.31 or later, which removes the preflight processing flaw.
  • Restrict network access to the OpenClaw service by firewalling or IP whitelisting so that only trusted clients can reach the Discord audio preflight endpoints.
  • Monitor CPU and memory usage on the OpenClaw server and set alerts for abnormal spikes that may indicate abuse of the preflight feature.

Advisories

No advisories yet.

History

Tue, 28 Apr 2026 19:15:00 +0000

Type | Values Removed | Values Added
Description | | OpenClaw before 2026.3.31 performs Discord audio preflight transcription before validating member authorization, allowing unauthenticated attackers to consume resources. Remote attackers can trigger audio preflight processing without member allowlist validation to cause resource exhaustion.
Title | | OpenClaw < 2026.3.31 - Resource Consumption via Discord Audio Preflight Before Member Authorization
First Time appeared | | Openclaw; Openclaw openclaw
Weaknesses | | CWE-408
CPEs | | cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*
Vendors & Products | | Openclaw; Openclaw openclaw
References | |
Metrics | | cvssV3_1 {'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L'}; cvssV4_0 {'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N'}

MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-28T18:09:38.147Z

Reserved: 2026-04-20T14:10:32.653Z

Link: CVE-2026-41374

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2026-04-28T19:37:40.140

Modified: 2026-04-28T20:10:23.367

Link: CVE-2026-41374

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-28T23:15:43Z

Weaknesses