OpenClaw Resource Exhaustion Vulnerability via Discord Audio Preflight Authorization Bypass
Vulnerability
A resource exhaustion vulnerability exists in OpenClaw versions prior to 2026.3.31. The application runs the Discord audio preflight transcription before it verifies that the sender is an authorized member. Because the member allowlist is checked only after the transcription work has already been done, a remote sender who is not on the allowlist can still trigger audio preflight processing and consume transcription resources, leading to resource depletion.
Impact
Exploitation of this vulnerability leads to resource exhaustion, causing the application to consume excessive resources and potentially degrade performance or availability.
Reproduction
The vulnerability can be reproduced by sending a Discord audio message attachment to a channel where the sender is not authorized. The OpenClaw application will process the audio preflight transcription without validating the sender's authorization, allowing for unauthorized resource consumption.
Remediation
Users can upgrade to OpenClaw version 2026.3.31 or later to address this vulnerability.
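To illustrate the ordering defect and its fix, the following is an added example written for this page, not OpenClaw's own code; the message types, the `memberAllowlist` set, the simulated transcription cost, and the sample messages are all hypothetical constructions.

```typescript
// Hypothetical types standing in for a Discord inbound message (not OpenClaw's API).
interface Attachment { contentType: string; durationSeconds: number; }
interface InboundMessage { senderId: string; text: string; attachments: Attachment[]; }

// Constructed sample allowlist of authorized member ids.
const memberAllowlist = new Set<string>(["user-alice", "user-bob"]);

// Counter that makes the transcription work observable in tests.
let transcriptionSecondsSpent = 0;

// Stand-in for the real preflight transcription; its cost scales with audio length.
function transcribeAudioPreflight(att: Attachment): string {
  transcriptionSecondsSpent += att.durationSeconds;
  return `[transcript of ${att.durationSeconds}s audio]`;
}

function isAudio(att: Attachment): boolean {
  return att.contentType.startsWith("audio/");
}

function isAllowedMember(senderId: string): boolean {
  return memberAllowlist.has(senderId);
}

// Vulnerable ordering: preflight transcription runs before the allowlist check,
// so any sender able to post an audio attachment forces transcription work.
function handleMessageVulnerable(msg: InboundMessage): string | null {
  const transcripts = msg.attachments.filter(isAudio).map(transcribeAudioPreflight);
  if (!isAllowedMember(msg.senderId)) return null;
  return [msg.text, ...transcripts].join(" ");
}

// Hardened ordering: authorization is the first gate, so unauthorized messages
// are dropped before any attachment is transcribed.
function handleMessageHardened(msg: InboundMessage): string | null {
  if (!isAllowedMember(msg.senderId)) return null;
  const transcripts = msg.attachments.filter(isAudio).map(transcribeAudioPreflight);
  return [msg.text, ...transcripts].join(" ");
}

// Runs a handler on one message and reports how much transcription time it spent.
function measureCost(handler: (m: InboundMessage) => string | null, msg: InboundMessage): number {
  transcriptionSecondsSpent = 0;
  handler(msg);
  return transcriptionSecondsSpent;
}

// Constructed sample: a sender who is not on the allowlist posts a ten-minute voice message.
const unauthorizedVoiceMessage: InboundMessage = {
  senderId: "user-mallory",
  text: "",
  attachments: [{ contentType: "audio/ogg", durationSeconds: 600 }],
};
```

Moving the allowlist check ahead of the preflight removes the unauthenticated cost; bounding attachment duration per message is a separate, complementary control for authorized senders.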
