CVE-2026-32062 Overview
CVE-2026-32062 is a resource exhaustion vulnerability affecting OpenClaw and the @openclaw/voice-call extension. The affected components accept media-stream WebSocket upgrades before completing stream validation, allowing unauthenticated clients to establish connections. Remote attackers can exploit this flaw by holding idle pre-authenticated sockets open, consuming connection resources and degrading service availability for legitimate streams.
Critical Impact
Unauthenticated remote attackers can exhaust WebSocket connection resources, causing denial of service for legitimate voice call streams without requiring any credentials or user interaction.
Affected Products
- OpenClaw versions 2026.2.21-2 prior to 2026.2.22
- @openclaw/voice-call versions 2026.2.21 prior to 2026.2.22
Discovery Timeline
- 2026-03-11 - CVE CVE-2026-32062 published to NVD
- 2026-03-12 - Last updated in NVD database
Technical Details for CVE-2026-32062
Vulnerability Analysis
This vulnerability stems from improper resource allocation controls in the media stream WebSocket handling code. The voice-call extension accepts WebSocket upgrade requests for media streams without implementing proper authentication gates or connection limits at the initial handshake phase. This creates a window where unauthenticated connections can consume server resources before any validation occurs.
The attack surface is network-accessible and requires no authentication or user interaction to exploit. An attacker can programmatically open numerous WebSocket connections to the /voice/stream endpoint and intentionally keep them idle without sending the required start frame. Since the server maintains these pre-authenticated connections indefinitely waiting for validation, attackers can exhaust the available connection pool, preventing legitimate users from establishing voice calls.
Root Cause
The root cause is classified under CWE-770 (Allocation of Resources Without Limits or Throttling). The media stream WebSocket handler lacked several critical safeguards:
- No timeout mechanism for pre-authenticated connections waiting for a start frame
- No limit on the total number of pending (pre-start) connections
- No per-IP connection throttling to prevent single-source attacks
- No hard cap on total open media stream sockets
Attack Vector
The attack vector is network-based, allowing remote exploitation. An attacker connects to the WebSocket endpoint at /voice/stream and initiates the upgrade handshake. Once the connection is established, the attacker simply refrains from sending the start frame that would trigger authentication and stream validation. The server holds these connections open indefinitely, and by repeating this process, an attacker can exhaust connection resources.
// Security patch implementing connection limits and timeouts
// Source: https://github.com/openclaw/openclaw/commit/1d8968c8a821ff1a05c294a1846b3bcb6f343794
vadThreshold: z.number().min(0).max(1).default(0.5),
/** WebSocket path for media stream connections */
streamPath: z.string().min(1).default("/voice/stream"),
+ /**
+ * Close unauthenticated media stream sockets if no valid `start` frame arrives in time.
+ * Protects against pre-auth idle connection hold attacks.
+ */
+ preStartTimeoutMs: z.number().int().positive().default(5000),
+ /** Maximum number of concurrently pending (pre-start) media stream sockets. */
+ maxPendingConnections: z.number().int().positive().default(32),
+ /** Maximum pending media stream sockets per source IP. */
+ maxPendingConnectionsPerIp: z.number().int().positive().default(4),
+ /** Hard cap for all open media stream sockets (pending + active). */
+ maxConnections: z.number().int().positive().default(128),
})
.strict()
.default({
Detection Methods for CVE-2026-32062
Indicators of Compromise
- Unusually high number of WebSocket connections to the /voice/stream endpoint in ESTABLISHED state without corresponding active voice calls
- Multiple idle connections originating from the same IP address or IP range
- Connection logs showing WebSocket upgrades without subsequent start frame messages
- Resource exhaustion alerts indicating connection pool depletion on voice-call services
Detection Strategies
- Monitor WebSocket connection counts at the /voice/stream endpoint and alert when thresholds exceed normal operational baselines
- Implement logging to track the ratio of WebSocket upgrades to successful start frame receptions
- Deploy network-level monitoring to detect rapid connection establishment patterns from single sources
- Configure application performance monitoring to track connection resource utilization trends
Monitoring Recommendations
- Set up alerts for abnormal connection duration patterns on pre-authenticated WebSocket sessions
- Monitor server resource metrics including open file descriptors and memory allocation related to socket management
- Implement connection rate limiting at the load balancer or reverse proxy level as an additional defense layer
How to Mitigate CVE-2026-32062
Immediate Actions Required
- Upgrade OpenClaw to version 2026.2.22 or later immediately
- Upgrade @openclaw/voice-call to version 2026.2.22 or later
- Review current WebSocket connection metrics to identify any ongoing exploitation
- Consider temporarily restricting access to the /voice/stream endpoint to known IP ranges if exploitation is suspected
Patch Information
The security patch is available in commit 1d8968c8a821ff1a05c294a1846b3bcb6f343794. The fix introduces several protective mechanisms including a configurable pre-start timeout (preStartTimeoutMs), maximum pending connection limits (maxPendingConnections), per-IP connection limits (maxPendingConnectionsPerIp), and an overall connection cap (maxConnections). For detailed patch information, see the GitHub Security Advisory and VulnCheck Advisory.
Workarounds
- Deploy a reverse proxy or web application firewall with connection rate limiting in front of the voice-call service
- Implement IP-based connection throttling at the network layer to limit concurrent connections per source
- Configure monitoring and automated response to terminate connections exhibiting attack patterns
- Reduce the default WebSocket timeout at the infrastructure level to minimize the impact of idle connection attacks
// Applying the security configuration in webhook.ts
// Source: https://github.com/openclaw/openclaw/commit/1d8968c8a821ff1a05c294a1846b3bcb6f343794
const streamConfig: MediaStreamConfig = {
sttProvider,
+ preStartTimeoutMs: this.config.streaming?.preStartTimeoutMs,
+ maxPendingConnections: this.config.streaming?.maxPendingConnections,
+ maxPendingConnectionsPerIp: this.config.streaming?.maxPendingConnectionsPerIp,
+ maxConnections: this.config.streaming?.maxConnections,
shouldAcceptStream: ({ callId, token }) => {
const call = this.manager.getCallByProviderCallId(callId);
if (!call) {
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
