Medium severity · 5.3 · NVD Advisory · Published Apr 21, 2026 · Updated Apr 27, 2026
CVE-2026-41331
Description
OpenClaw before 2026.3.31 contains a resource consumption vulnerability in Telegram audio preflight transcription that allows unauthorized group senders to trigger transcription processing. Attackers can exploit insufficient allowlist enforcement to cause resource or billing consumption by initiating audio preflight operations before authorization checks are applied.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| openclaw (npm) | < 2026.3.31 | 2026.3.31 |
Affected products
Patches (1)
c4fa8635d039 fix(telegram): gate audio preflight transcription on sender authorization (#57566)
2 files changed · +107 −1
extensions/telegram/src/bot-message-context.body.test.ts+103 −0 added@@ -0,0 +1,103 @@ +import { describe, expect, it, vi } from "vitest"; +import { normalizeAllowFrom } from "./bot-access.js"; + +const transcribeFirstAudioMock = vi.fn(); + +vi.mock("./media-understanding.runtime.js", () => ({ + transcribeFirstAudio: (...args: unknown[]) => transcribeFirstAudioMock(...args), +})); + +const { resolveTelegramInboundBody } = await import("./bot-message-context.body.js"); + +describe("resolveTelegramInboundBody", () => { + it("does not transcribe group audio for unauthorized senders", async () => { + transcribeFirstAudioMock.mockReset(); + const logger = { info: vi.fn() }; + + const result = await resolveTelegramInboundBody({ + cfg: { + channels: { telegram: {} }, + messages: { groupChat: { mentionPatterns: ["\\bbot\\b"] } }, + } as never, + primaryCtx: { + me: { id: 7, username: "bot" }, + } as never, + msg: { + message_id: 1, + date: 1_700_000_000, + chat: { id: -1001234567890, type: "supergroup", title: "Test Group" }, + from: { id: 46, first_name: "Eve" }, + voice: { file_id: "voice-1" }, + entities: [], + } as never, + allMedia: [{ path: "/tmp/voice.ogg", contentType: "audio/ogg" }], + isGroup: true, + chatId: -1001234567890, + senderId: "46", + senderUsername: "", + routeAgentId: undefined, + effectiveGroupAllow: normalizeAllowFrom(["999"]), + effectiveDmAllow: normalizeAllowFrom([]), + groupConfig: { requireMention: true } as never, + topicConfig: undefined, + requireMention: true, + options: undefined, + groupHistories: new Map(), + historyLimit: 0, + logger, + }); + + expect(transcribeFirstAudioMock).not.toHaveBeenCalled(); + expect(logger.info).toHaveBeenCalledWith( + { chatId: -1001234567890, reason: "no-mention" }, + "skipping group message", + ); + expect(result).toBeNull(); + }); + + it("still transcribes when commands.useAccessGroups is false", async () => { + transcribeFirstAudioMock.mockReset(); + transcribeFirstAudioMock.mockResolvedValueOnce("hey bot 
please help"); + + const result = await resolveTelegramInboundBody({ + cfg: { + channels: { telegram: {} }, + commands: { useAccessGroups: false }, + messages: { groupChat: { mentionPatterns: ["\\bbot\\b"] } }, + tools: { media: { audio: { enabled: true } } }, + } as never, + primaryCtx: { + me: { id: 7, username: "bot" }, + } as never, + msg: { + message_id: 2, + date: 1_700_000_001, + chat: { id: -1001234567891, type: "supergroup", title: "Test Group" }, + from: { id: 46, first_name: "Eve" }, + voice: { file_id: "voice-2" }, + entities: [], + } as never, + allMedia: [{ path: "/tmp/voice-2.ogg", contentType: "audio/ogg" }], + isGroup: true, + chatId: -1001234567891, + senderId: "46", + senderUsername: "", + routeAgentId: undefined, + effectiveGroupAllow: normalizeAllowFrom(["999"]), + effectiveDmAllow: normalizeAllowFrom([]), + groupConfig: { requireMention: true } as never, + topicConfig: undefined, + requireMention: true, + options: undefined, + groupHistories: new Map(), + historyLimit: 0, + logger: { info: vi.fn() }, + }); + + expect(transcribeFirstAudioMock).toHaveBeenCalledTimes(1); + expect(result).toMatchObject({ + bodyText: "hey bot please help", + effectiveWasMentioned: true, + }); + }); +});
extensions/telegram/src/bot-message-context.body.ts+4 −1 modified@@ -171,6 +171,8 @@ export async function resolveTelegramInboundBody(params: { const disableAudioPreflight = (topicConfig?.disableAudioPreflight ?? (groupConfig as TelegramGroupConfig | undefined)?.disableAudioPreflight) === true; + const senderAllowedForAudioPreflight = + !useAccessGroups || !allowForCommands.hasEntries || senderAllowedForCommands; let preflightTranscript: string | undefined; const needsPreflightTranscription = @@ -179,7 +181,8 @@ export async function resolveTelegramInboundBody(params: { hasAudio && !hasUserText && mentionRegexes.length > 0 && - !disableAudioPreflight; + !disableAudioPreflight && + senderAllowedForAudioPreflight; if (needsPreflightTranscription) { try {
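Review bot: the negative test in bot-message-context.body.test.ts ("does not transcribe group audio for unauthorized senders") omits `tools: { media: { audio: { enabled: true } } }`, which the positive test does set; if audio preflight is also gated on that setting, the negative test could pass without the new `senderAllowedForAudioPreflight` check ever being exercised. Set the same audio config in both tests so the assertion `expect(transcribeFirstAudioMock).not.toHaveBeenCalled()` is attributable to the sender gate alone. The two tests also cover only two of the three branches of the new condition (`useAccessGroups` false and an allowlist that excludes the sender); a third case with an empty allowlist (`effectiveGroupAllow: normalizeAllowFrom([])`) would pin down the `!allowForCommands.hasEntries` branch, whichever behaviour is intended there.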
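Review bot: in the first hunk of bot-message-context.body.ts, `senderAllowedForAudioPreflight = !useAccessGroups || !allowForCommands.hasEntries || senderAllowedForCommands` is fail-open when the allowlist has no entries: any group sender can then trigger transcription. That may be the intended parity with command access, but it is exactly the billing-consumption exposure this fix addresses, so it deserves a one-line comment stating that an empty allowlist means preflight is open to all senders, and the default configuration should be checked to confirm it does not ship in that state. `useAccessGroups`, `allowForCommands` and `senderAllowedForCommands` are not visible in this hunk; confirm they are computed before line 171 for the group path, not only for the DM path.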
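Review bot: in the second hunk, adding `senderAllowedForAudioPreflight` to `needsPreflightTranscription` means an unauthorized sender's voice message now skips transcription and, with no user text, falls through to the existing `reason: "no-mention"` skip path (as the new test asserts). Operators will therefore see repeated audio from a non-allowlisted sender logged identically to an ordinary unmentioned message. Consider logging a distinct reason (for example an `unauthorized-sender` skip) or including `senderId` in that log line, so that abuse attempts against the transcription budget can be distinguished from normal group chatter in detection and rate-limiting.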
References (6)
- github.com/openclaw/openclaw/commit/c4fa8635d03943ffe9e294d501089521dca635c5 (nvd: Patch, web)
- github.com/advisories/GHSA-m6fx-m8hc-572m (ghsa: Advisory)
- github.com/openclaw/openclaw/security/advisories/GHSA-m6fx-m8hc-572m (nvd: Vendor Advisory, web)
- nvd.nist.gov/vuln/detail/CVE-2026-41331 (ghsa: Advisory)
- www.vulncheck.com/advisories/openclaw-resource-consumption-via-unauthorized-telegram-audio-preflight-transcription (nvd: Third Party Advisory, web)
- github.com/openclaw/openclaw/releases/tag/v2026.3.31 (ghsa: web)