CVSS 7.5 · HIGH

CVE-2026-42437

Denial of service (CWE-770) in the voice-call realtime WebSocket path of OpenClaw 2026.4.9: the server accepts oversized WebSocket frames without validating their size, so an unauthenticated remote attacker can exhaust resources and make a deployment that exposes the webhook path unavailable. Versions from 2026.4.10 onward are outside the affected range.


Analysis

OpenClaw is a niche open-source engine with limited deployment in the MexicoDev stack. The flaw is a denial of service through resource exhaustion (CWE-770) on the voice-call realtime WebSocket path: it requires no authentication, affects availability only, and matters only for deployments that expose that path. That combination does not reach the impact or breadth that would justify a general developer alert; operators running an exposed 2026.4.9 instance should still move to 2026.4.10.

Severity

Score: 7.5 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AV: NETWORK
AC: LOW
PR: NONE
UI: NONE
S: UNCHANGED
C: NONE
I: NONE
A: HIGH
Weakness type (CWE): CWE-770 (Allocation of Resources Without Limits or Throttling)

EPSS

Probability of exploitation (next 30 days): 0.0009 (0.1%)
Percentile: 25.4%
EPSS score date: 2026-05-06

Technical description

OpenClaw versions from 2026.4.9 and before 2026.4.10 contain a denial of service vulnerability in the voice-call realtime WebSocket path, which accepts oversized frames without validating their declared size. Remote attackers can send oversized WebSocket frames to cause service unavailability for deployments exposing the webhook path.
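The description says the path accepts oversized frames without proper validation; the control that closes that gap is checking the payload length declared in the frame header against a cap before the payload is read or a buffer is sized for it. What follows is an added example written for this page, not OpenClaw's code (the page does not show OpenClaw's implementation, and nothing here assumes it): a minimal RFC 6455 frame reader that shows the unbounded pattern next to one that enforces a per-frame cap and a per-message cap, the second because splitting a message into many under-cap continuation frames would otherwise bypass the first. The cap values, frame bytes, exception and function names are assumptions.

```python
"""RFC 6455 frame parsing with payload-size caps enforced before allocation.

Added example for this advisory, not OpenClaw code; it assumes nothing about
OpenClaw's internals. It sets the CWE-770 pattern the description points at
(sizing a buffer from the peer's declared length) beside a reader that caps the
declared length per frame and across continuation frames. All caps and frame
bytes are constructed for illustration.
"""
import struct

MAX_FRAME_BYTES = 64 * 1024       # hypothetical per-frame cap
MAX_MESSAGE_BYTES = 1024 * 1024   # hypothetical cap for a reassembled message


class ProtocolError(Exception):
    """Malformed or non-conforming frame."""


class FrameTooLarge(Exception):
    """Declared size exceeds a cap; raised before any payload allocation."""


def parse_header(buf):
    """Decode a frame header; return (fin, opcode, masked, length, header_len).
    Only header bytes are read, and extended lengths must be minimally encoded
    with the MSB of a 64-bit length clear (RFC 6455 section 5.2)."""
    if len(buf) < 2:
        raise ProtocolError("short header")
    b0, b1 = buf[0], buf[1]
    if b0 & 0x70:
        raise ProtocolError("RSV bits set without a negotiated extension")
    fin, opcode = bool(b0 & 0x80), b0 & 0x0F
    masked, length = bool(b1 & 0x80), b1 & 0x7F
    ext = {126: 2, 127: 8}.get(length, 0)         # extended length field size
    hlen = 2 + ext + (4 if masked else 0)         # header incl. masking key
    if len(buf) < hlen:
        raise ProtocolError("short header")
    if ext:
        (length,) = struct.unpack_from("!H" if ext == 2 else "!Q", buf, 2)
        if length >> 63:
            raise ProtocolError("64-bit length with MSB set")
        if length < (126 if ext == 2 else 65536):
            raise ProtocolError("non-minimal extended length")
    return fin, opcode, masked, length, hlen


def unmask(payload, key):
    """XOR payload with the 4-byte masking key (RFC 6455 section 5.3)."""
    return bytes(b ^ key[i % 4] for i, b in enumerate(payload))


def read_frame_unchecked(buf):
    """Vulnerable pattern: the buffer is sized from the declared length, so a
    10-byte header declaring 2**40 bytes drives a 1 TiB allocation attempt."""
    fin, opcode, masked, length, hlen = parse_header(buf)
    payload = bytearray(length)            # CWE-770: the peer chooses the size
    payload[:] = buf[hlen:hlen + length]
    if masked:
        payload = unmask(payload, buf[hlen - 4:hlen])
    return fin, opcode, bytes(payload)


class MessageAssembler:
    """Hardened reader: rejects a frame whose declared length exceeds the per-frame
    cap, or that would push a fragmented message past the per-message cap."""

    def __init__(self, max_frame=MAX_FRAME_BYTES, max_message=MAX_MESSAGE_BYTES):
        self.max_frame, self.max_message = max_frame, max_message
        self._parts, self._total = [], 0

    def feed(self, buf):
        """Consume one frame; return (opcode, payload) when complete, else None."""
        fin, opcode, masked, length, hlen = parse_header(buf)
        if opcode >= 0x8 and (length > 125 or not fin):
            raise ProtocolError("control frame fragmented or longer than 125 bytes")
        if length > self.max_frame:
            raise FrameTooLarge(f"frame declares {length} bytes, cap {self.max_frame}")
        if opcode < 0x8 and self._total + length > self.max_message:
            raise FrameTooLarge(f"message would exceed {self.max_message} bytes")
        if len(buf) < hlen + length:
            raise ProtocolError("truncated frame")
        payload = bytes(buf[hlen:hlen + length])   # allocated only after the checks
        if masked:
            payload = unmask(payload, buf[hlen - 4:hlen])
        if opcode >= 0x8:
            return opcode, payload                  # control frames skip reassembly
        if opcode == 0x0 and not self._parts:
            raise ProtocolError("continuation frame without a started message")
        self._parts.append((opcode, payload))
        self._total += length
        if not fin:
            return None
        first_opcode, message = self._parts[0][0], b"".join(p for _, p in self._parts)
        self._parts, self._total = [], 0
        return first_opcode, message
```

Two points carry over to any WebSocket stack: the check belongs on the length declared in the header, before the payload is read, and an endpoint reachable without authentication should have its library's maximum frame and message sizes set explicitly rather than left at defaults, which should be verified rather than assumed.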

Published: 5/5/2026, 12:16:18
Last modified: 5/5/2026, 19:47:31
