CVE-2026-41337

· NIST NVD ↗

OpenClaw before 2026.3.31 contains a callback origin mutation vulnerability in Plivo voice-call replay that allows attackers to mutate in-process callback origin before replay rejection. Attackers with captured valid callbacks for live calls can exploit this to manipulate callback origins during the replay process.

MEDIUM
CVSS severity
5.3
CVSS base score
2026-04-23
Published

CWE codes

CWE-367

Affected products

openclaw:openclaw

Sources