VYPR

npm package

@clawdbot/voice-call

pkg:npm/%40clawdbot/voice-call

Vulnerabilities (1)

  • CVE-2026-28465Mar 5, 2026
    affected <= 2026.1.24

    OpenClaw's voice-call plugin versions before 2026.2.3 contain an improper authentication vulnerability in webhook verification that allows remote attackers to bypass verification by supplying untrusted forwarded headers. Attackers can spoof webhook events by manipulating Forwarde