Vulnerability Details CVE-2026-41400
OpenClaw before 2026.3.31 contains an incomplete fix for CVE-2026-32062 where the voice-call component parses large WebSocket frames before start validation. Remote attackers can send oversized pre-start WebSocket frames to cause resource consumption and denial of service.
Exploit prediction scoring system (EPSS) score
CVSS Severity
CVSS v3 Score 5.3