{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-41374","assignerOrgId":"83251b91-4cc7-4094-a5c7-464a1b83ea10","state":"PUBLISHED","assignerShortName":"VulnCheck","dateReserved":"2026-04-20T14:10:32.653Z","datePublished":"2026-04-28T18:09:38.147Z","dateUpdated":"2026-04-29T12:43:13.810Z"},"containers":{"cna":{"providerMetadata":{"orgId":"83251b91-4cc7-4094-a5c7-464a1b83ea10","shortName":"VulnCheck","dateUpdated":"2026-04-28T18:09:38.147Z"},"title":"OpenClaw < 2026.3.31 - Resource Consumption via Discord Audio Preflight Before Member Authorization","descriptions":[{"lang":"en","value":"OpenClaw before 2026.3.31 performs Discord audio preflight transcription before validating member authorization, allowing unauthenticated attackers to consume resources. Remote attackers can trigger audio preflight processing without member allowlist validation to cause resource exhaustion."}],"tags":["x_open-source"],"datePublic":"2026-03-31T00:00:00.000Z","problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-408","description":"CWE-408: Incorrect Behavior Order: Early Amplification","type":"CWE"}]}],"affected":[{"vendor":"OpenClaw","product":"OpenClaw","defaultStatus":"unaffected","packageURL":"pkg:npm/openclaw","versions":[{"version":"0","status":"affected","versionType":"semver","lessThan":"2026.3.31"},{"version":"2026.3.31","status":"unaffected","versionType":"semver"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*","versionEndExcluding":"2026.3.31"}]}]}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV4_0":{"attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","subConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","subIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED","version":"4.0","baseSeverity":"MEDIUM","baseScore":6.9,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"}},{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV3_1":{"attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW","version":"3.1","baseSeverity":"MEDIUM","baseScore":5.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}}],"references":[{"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-hhff-fj5f-qg48","name":"GitHub Security Advisory (GHSA-hhff-fj5f-qg48)","tags":["vendor-advisory"]},{"url":"https://github.com/openclaw/openclaw/commit/ee52f64226a03efadfdf1e3b759e13424a3d4e41","name":"Patch Commit","tags":["patch"]},{"name":"VulnCheck Advisory: OpenClaw < 2026.3.31 - Resource Consumption via Discord Audio Preflight Before Member Authorization","tags":["third-party-advisory"],"url":"https://www.vulncheck.com/advisories/openclaw-resource-consumption-via-discord-audio-preflight-before-member-authorization"}],"credits":[{"lang":"en","value":"AntAISecurityLab","type":"reporter"}],"x_generator":{"engine":"vulncheck"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-04-29T12:43:04.018428Z","id":"CVE-2026-41374","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-04-29T12:43:13.810Z"}}]}}