Cve-2026-42437 — CraftedSignal Threat Feedhttps://feed.craftedsignal.io/tags/cve-2026-42437/Trending threats, MITRE ATT&CK coverage, and detection metadata — refreshed continuously.Hugoenhello@craftedsignal.iohello@craftedsignal.ioTue, 05 May 2026 12:16:18 +0000OpenClaw Denial-of-Service via Oversized WebSocket Frameshttps://feed.craftedsignal.io/briefs/2026-05-openclaw-dos/Tue, 05 May 2026 12:16:18 +0000hello@craftedsignal.iohttps://feed.craftedsignal.io/briefs/2026-05-openclaw-dos/OpenClaw versions prior to 2026.4.10 are vulnerable to a denial-of-service attack where remote attackers can send oversized WebSocket frames to the voice-call realtime path, causing service unavailability.OpenClaw versions 2026.4.9 and earlier are vulnerable to a denial-of-service (DoS) attack due to improper validation of WebSocket frame sizes on the voice-call realtime path. This vulnerability, identified as CVE-2026-42437, allows remote attackers to send oversized WebSocket frames, leading to resource exhaustion and service unavailability. Deployments exposing the vulnerable webhook path are at risk. Upgrading to version 2026.4.10 or later resolves this vulnerability. The issue was reported and patched in April 2026.

Attack Chain

  1. Attacker identifies an OpenClaw deployment exposing the voice-call realtime WebSocket path.
  2. Attacker crafts a WebSocket frame exceeding the expected size limits.
  3. Attacker sends the oversized WebSocket frame to the vulnerable endpoint.
  4. The OpenClaw server receives the oversized frame without proper size validation.
  5. The server attempts to process the oversized frame, consuming excessive resources.
  6. Repeated sending of oversized frames leads to resource exhaustion on the server.
  7. The OpenClaw service becomes unresponsive due to resource starvation.
  8. Legitimate users are unable to access voice-call functionalities, resulting in a denial of service.

Impact

Successful exploitation of this vulnerability results in a denial-of-service condition, rendering the OpenClaw voice-call service unavailable. The impact is service disruption. The number of affected deployments is currently unknown, but all OpenClaw instances running versions prior to 2026.4.10 are susceptible if the vulnerable websocket endpoint is exposed.

Recommendation

  • Upgrade OpenClaw to version 2026.4.10 or later to remediate CVE-2026-42437.
  • Monitor network traffic for unusually large WebSocket frames destined for the voice-call realtime path using a network intrusion detection system.
  • Implement rate limiting on WebSocket connections to mitigate the impact of potential DoS attacks.
]]>mediumadvisorydenial-of-servicewebsocketcve-2026-42437