CVE-2026-41374
Resource Exhaustion via Unauthorized Audio Preflight in OpenClaw
Publication date: 2026-04-28
Last updated on: 2026-04-30
Assigner: VulnCheck
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| openclaw | openclaw | before 2026.3.31 (2026.3.31 excluded) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-408 | The product allows an entity to perform a legitimate but expensive operation before authentication or authorization has taken place. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-41374 is a vulnerability in the OpenClaw package versions before 2026.3.31 where Discord audio preflight transcription is performed before validating if a member is authorized. This means that unauthenticated attackers can trigger the audio preflight processing without being on the member allowlist.
Because the authorization check happens too late, attackers can consume system resources by causing the audio transcription process to run unnecessarily. This can lead to resource exhaustion on the affected system.
How can this vulnerability impact me?
This vulnerability allows unauthenticated remote attackers to consume system resources by triggering the Discord audio preflight transcription process without proper authorization.
The impact is primarily resource exhaustion, which can degrade system performance or availability, potentially causing denial of service conditions.
Since the vulnerability does not allow data compromise or privilege escalation, the main risk is related to system stability and availability.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves unauthenticated attackers triggering Discord audio preflight transcription before member authorization, causing resource exhaustion. Detection would involve monitoring for unauthorized audio preflight processing requests that occur without proper member allowlist validation.
Since the vulnerability is related to resource consumption triggered by unauthenticated requests, you can detect it by observing unusual spikes in resource usage or by logging and analyzing Discord audio preflight requests that do not correspond to authorized members.
Specific commands are not provided in the available resources. However, general approaches could include:
- Monitoring network traffic for Discord audio preflight requests that lack valid member authorization.
- Using system monitoring tools (e.g., top, htop, or resource monitoring dashboards) to detect abnormal resource consumption patterns.
- Reviewing application logs for entries indicating audio preflight processing triggered by unauthorized users.
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation step is to upgrade OpenClaw to version 2026.3.31 or later, where the vulnerability has been fixed.
The fix enforces member authorization checks before performing Discord audio preflight transcription, preventing unauthenticated users from triggering resource-intensive processing.
Additional immediate steps include:
- Apply the patch from commit ee52f64226a03efadfdf1e3b759e13424a3d4e41 if upgrading is not immediately possible.
- Monitor and restrict access to Discord audio preflight endpoints to authorized users only.
- Implement logging and alerting for unauthorized audio preflight attempts to detect potential exploitation.
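The ordering defect that the fix corrects, shown as an added illustration rather than OpenClaw's own code: a hypothetical Discord audio handler that runs the expensive preflight transcription before consulting the member allowlist, beside the hardened ordering that rejects unauthorized senders first. The handler names, the allowlist, the message shape and the transcriber stand-in are all assumptions.

```javascript
// Added illustration of CWE-408 as described for CVE-2026-41374. Not OpenClaw's
// code: handler, allowlist and transcriber are hypothetical stand-ins that
// reproduce only the check-after-work ordering and its fix.

// Stand-in for audio preflight transcription. It only counts invocations so the
// cost can be asserted on; in a real bot this is CPU/GPU or paid API work.
const transcriber = {
  calls: 0,
  transcribe(audio) {
    this.calls += 1;
    return `transcript(${audio.byteLength} bytes)`;
  },
};

// Constructed member allowlist (Discord user IDs are snowflake strings).
const memberAllowlist = new Set(["100000000000000001"]);

function isAuthorizedMember(userId) {
  return memberAllowlist.has(userId);
}

// Vulnerable ordering: transcription runs for every sender and the allowlist is
// consulted only afterwards, so an unauthorized sender still burns resources.
function handleAudioVulnerable(msg) {
  const transcript = transcriber.transcribe(msg.audio);
  if (!isAuthorizedMember(msg.authorId)) {
    return { accepted: false, transcript: null };
  }
  return { accepted: true, transcript };
}

// Hardened ordering: authorization is the handler's first action, so an
// unauthorized sender is rejected before any expensive work starts.
function handleAudioHardened(msg) {
  if (!isAuthorizedMember(msg.authorId)) {
    return { accepted: false, transcript: null };
  }
  const transcript = transcriber.transcribe(msg.audio);
  return { accepted: true, transcript };
}

// Constructed message from a sender who is not on the allowlist.
const unauthorizedMsg = { authorId: "999999999999999999", audio: new Uint8Array(1024) };

// Feeds one message to a handler and reports how many transcriptions it
// triggered: 1 for the vulnerable ordering, 0 for the hardened one.
function transcriptionsTriggered(handler, msg) {
  const before = transcriber.calls;
  handler(msg);
  return transcriber.calls - before;
}
```

Both handlers return the same rejection to the unauthorized sender; the only observable difference is the work done before that rejection, which is exactly what a per-request resource counter or log entry should capture.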
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided information does not specify any direct impact of CVE-2026-41374 on compliance with common standards and regulations such as GDPR or HIPAA.