VYPR

npm package

@openclaw/voice-call

pkg:npm/%40openclaw/voice-call

Vulnerabilities (2)

  • CVE-2026-32062HigMar 11, 2026
    affected < 2026.2.22fixed 2026.2.22

    OpenClaw versions 2026.2.21-2 up to, but not including, 2026.2.22, and @openclaw/voice-call versions 2026.2.21 up to, but not including, 2026.2.22 accept media-stream WebSocket upgrades before stream validation, allowing unauthenticated clients to establish connections. Remote at

  • CVE-2026-28465Mar 5, 2026
    affected < 2026.2.3fixed 2026.2.3

    OpenClaw's voice-call plugin versions before 2026.2.3 contain an improper authentication vulnerability in webhook verification that allows remote attackers to bypass verification by supplying untrusted forwarded headers. Attackers can spoof webhook events by manipulating Forwarde