{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-42437/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":7.5,"id":"CVE-2026-42437"}],"_cs_exploited":false,"_cs_products":["openclaw \u003c 2026.4.10"],"_cs_severities":["medium"],"_cs_tags":["denial-of-service","websocket","cve-2026-42437"],"_cs_type":"advisory","_cs_vendors":["openclaw"],"content_html":"\u003cp\u003eOpenClaw versions 2026.4.9 and earlier are vulnerable to a denial-of-service (DoS) attack because the voice-call realtime path does not properly validate WebSocket frame sizes. The vulnerability, tracked as CVE-2026-42437, lets a remote attacker send oversized WebSocket frames that exhaust server resources and make the service unavailable. Deployments that expose the voice-call realtime WebSocket path are at risk. Upgrading to version 2026.4.10 or later resolves the issue. 
The issue was reported and patched in April 2026.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies an OpenClaw deployment that exposes the voice-call realtime WebSocket path.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a WebSocket frame whose declared payload length exceeds what the path is expected to handle.\u003c/li\u003e\n\u003cli\u003eThe attacker sends the oversized frame to the vulnerable endpoint.\u003c/li\u003e\n\u003cli\u003eThe OpenClaw server accepts the frame without checking its declared size against a limit.\u003c/li\u003e\n\u003cli\u003eThe server attempts to buffer and process the frame, consuming excessive memory and processing time.\u003c/li\u003e\n\u003cli\u003eRepeated oversized frames exhaust the server's resources.\u003c/li\u003e\n\u003cli\u003eThe OpenClaw service becomes unresponsive under resource starvation.\u003c/li\u003e\n\u003cli\u003eLegitimate users can no longer use voice-call functionality, which is the denial of service.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation results in a denial-of-service condition that renders the OpenClaw voice-call service unavailable. The impact is limited to availability; the advisory describes no confidentiality or integrity impact. 
The number of affected deployments is currently unknown, but every OpenClaw instance running a version earlier than 2026.4.10 is susceptible if the voice-call realtime WebSocket endpoint is reachable by an attacker.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade OpenClaw to version 2026.4.10 or later to remediate CVE-2026-42437.\u003c/li\u003e\n\u003cli\u003eMonitor network traffic for unusually large WebSocket frames destined for the voice-call realtime path using a network intrusion detection system. Frame headers are only visible to a sensor when the traffic is in the clear or TLS is terminated in front of the sensor, so wss:// deployments need the check placed after TLS termination.\u003c/li\u003e\n\u003cli\u003eImplement rate limiting on WebSocket connections to mitigate the impact of potential DoS attacks. Rate limiting bounds how many frames or connections a client can send; it does not by itself reject a single oversized frame, so where a reverse proxy terminates the WebSocket, also configure its maximum frame or message size.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-05T12:16:18Z","date_published":"2026-05-05T12:16:18Z","id":"/briefs/2026-05-openclaw-dos/","summary":"OpenClaw versions prior to 2026.4.10 are vulnerable to a denial-of-service attack where remote attackers can send oversized WebSocket frames to the voice-call realtime path, causing service unavailability.","title":"OpenClaw Denial-of-Service via Oversized WebSocket Frames","url":"https://feed.craftedsignal.io/briefs/2026-05-openclaw-dos/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2026-42437","version":"https://jsonfeed.org/version/1.1"}
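The attack chain above turns on one decision: whether the server bounds a frame's declared payload length before it buffers the payload. The following is an added example, not OpenClaw's code or anything from the CraftedSignal feed. It parses the RFC 6455 frame header, applies a size limit from the header alone (refusing with close code 1009 "Message Too Big"), shows the unbounded pattern the advisory describes as a foil, and runs the same check over a captured byte stream the way the recommended NIDS monitoring would. `MAX_FRAME_BYTES`, the fixed masking key and the sample frames are constructed for illustration; a real client must use an unpredictable masking key.

```python
"""RFC 6455 frame-size admission check and stream scanner (added example)."""
import struct

MAX_FRAME_BYTES = 64 * 1024   # assumed deployment limit, not an OpenClaw setting
CLOSE_PROTOCOL_ERROR = 1002   # RFC 6455 close codes used when a frame is refused
CLOSE_MESSAGE_TOO_BIG = 1009
_DEMO_MASK_KEY = bytes([0x12, 0x34, 0x56, 0x78])  # constructed; real clients randomise


def parse_frame_header(data: bytes) -> dict:
    """Decode only the frame header. No payload byte is read or copied here."""
    if len(data) < 2:
        raise ValueError("truncated header")
    b0, b1 = data[0], data[1]
    length, offset = b1 & 0x7F, 2
    if length == 126:
        if len(data) < 4:
            raise ValueError("truncated 16-bit length")
        (length,) = struct.unpack("!H", data[2:4])
        offset = 4
    elif length == 127:
        if len(data) < 10:
            raise ValueError("truncated 64-bit length")
        (length,) = struct.unpack("!Q", data[2:10])
        if length >> 63:
            raise ValueError("64-bit length with most significant bit set")
        offset = 10
    masked = bool(b1 & 0x80)
    if masked:
        offset += 4  # 32-bit masking key sits between length and payload
    return {"fin": bool(b0 & 0x80), "opcode": b0 & 0x0F,
            "masked": masked, "payload_len": length, "header_len": offset}


def admit_frame(data: bytes, max_bytes: int = MAX_FRAME_BYTES, from_client: bool = True):
    """Hardened admission: decide from the header alone, before buffering.
    Returns (None, header) to accept or (close_code, reason) to refuse."""
    hdr = parse_frame_header(data)
    if from_client and not hdr["masked"]:
        return CLOSE_PROTOCOL_ERROR, "client frame not masked (RFC 6455 s5.1)"
    if hdr["opcode"] >= 0x8 and hdr["payload_len"] > 125:
        return CLOSE_PROTOCOL_ERROR, "control frame payload over 125 bytes (s5.5)"
    if hdr["payload_len"] > max_bytes:
        return CLOSE_MESSAGE_TOO_BIG, "declared %d bytes exceeds limit %d" % (
            hdr["payload_len"], max_bytes)
    return None, hdr


def vulnerable_bytes_to_reserve(data: bytes) -> int:
    """The pattern the advisory describes: size the receive buffer from the
    attacker-controlled length field with no upper bound. Returns the size such
    a server would reserve (not actually allocated, so the example is safe to run)."""
    return parse_frame_header(data)["payload_len"]


def build_frame(opcode: int, payload: bytes, declared_len=None, mask: bool = True) -> bytes:
    """Encode a FIN frame. declared_len lets a test claim a length that differs
    from the real payload, which is the cheap way to send an oversized frame."""
    n = len(payload) if declared_len is None else declared_len
    b0 = 0x80 | (opcode & 0x0F)
    mbit = 0x80 if mask else 0
    if n < 126:
        hdr = bytes([b0, mbit | n])
    elif n < 0x10000:
        hdr = bytes([b0, mbit | 126]) + struct.pack("!H", n)
    else:
        hdr = bytes([b0, mbit | 127]) + struct.pack("!Q", n)
    if not mask:
        return hdr + payload
    key = _DEMO_MASK_KEY
    return hdr + key + bytes(b ^ key[i % 4] for i, b in enumerate(payload))


def scan_stream(stream: bytes, max_bytes: int = MAX_FRAME_BYTES) -> list:
    """Detection over a captured plaintext stream of concatenated frames.
    Returns (frame_index, byte_offset, close_code, reason) per offending frame.
    Only sees headers if traffic is in the clear or TLS is terminated upstream."""
    alerts, pos, idx = [], 0, 0
    while pos < len(stream):
        try:
            code, detail = admit_frame(stream[pos:], max_bytes)
        except ValueError as exc:
            alerts.append((idx, pos, None, str(exc)))
            break
        if code is not None:
            alerts.append((idx, pos, code, detail))
            break  # header is untrusted, so the next frame boundary is unknown
        pos += detail["header_len"] + detail["payload_len"]
        idx += 1
    return alerts


if __name__ == "__main__":
    normal = build_frame(0x2, b"x" * 100)
    oversized = build_frame(0x2, b"", declared_len=1 << 40)  # 14 bytes on the wire
    print(admit_frame(normal)[1]["payload_len"], admit_frame(oversized)[0])
    print(vulnerable_bytes_to_reserve(oversized), scan_stream(normal + oversized))
```

The oversized test frame is only 14 bytes on the wire yet declares a 1 TiB payload: a server that sizes its buffer from the header, as `vulnerable_bytes_to_reserve` does, pays for bytes the attacker never sends, while `admit_frame` refuses it before any allocation. The same header check is what a sensor needs in order to alert on the frames the recommendation describes.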