CVE-2026-41337

Published April 23rd, 2026

View on NVD ↗

CVSS v3

5.3

MEDIUM

CVSS v2

N/A

Affected

PROJECT

Description

OpenClaw before 2026.3.31 contains a callback origin mutation vulnerability in Plivo voice-call replay that allows attackers to mutate in-process callback origin before replay rejection. Attackers with captured valid callbacks for live calls can exploit this to manipulate callback origins during the replay process.

openclaw/openclaw

Your own personal AI assistant. Any OS. Any Platform. The lobster way. 🦞

GitHub

380K