GHSA-rm59-992w-x2mv: OpenClaw is vulnerable to unauthenticated resource exhaustion through its voice call webhook handling

March 26, 2026

Voice Call webhook handling buffered request bodies before provider signature checks, enabling bounded unauthenticated resource exhaustion.

References

github.com/advisories/GHSA-rm59-992w-x2mv
github.com/openclaw/openclaw
github.com/openclaw/openclaw/commit/651dc7450b68a5396a009db78ef9382633707ead
github.com/openclaw/openclaw/security/advisories/GHSA-rm59-992w-x2mv

Code Behaviors & Features

Detect and mitigate GHSA-rm59-992w-x2mv with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →