MEDIUM 5.3

GHSA-2w79-r9g8-wmcr

OpenClaw: Voice-call still parses large WebSocket frames before start validation (Incomplete fix for CVE-2026-32062)

상세

## Summary Incomplete fix for CVE-2026-32062: voice-call still parses large WebSocket frames before start validation

## Current Maintainer Triage - Normalized severity: medium - Assessment: v2026.3.28 still parses oversized pre-start voice-call WebSocket frames before start validation, and the unreleased maxPayload fix confirms the shipped resource-consumption bug remains open.

## Affected Packages / Versions - Package: `openclaw` (npm) - Latest published npm version: `2026.3.31` - Vulnerable version range: `<=2026.3.28` - Patched versions: `>= 2026.3.31` - First stable tag containing the fix: `v2026.3.31`

## Fix Commit(s) - `9abcfdadf591bf266d85fbdfe14ae833e557a110` — 2026-03-31T19:47:10+09:00

OpenClaw thanks @Kazamayc for reporting.

이 버전이 영향받나요?

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

영향 패키지

npm / openclaw

최초 영향 버전: 0 수정 버전: 2026.3.31

수정 npm install openclaw@2026.3.31

상세

이 버전이 영향받나요?

영향 패키지

참고