CVE-2026-28446

Description

### Summary An authentication bypass in the optional `voice-call` extension/plugin allowed unapproved or anonymous callers to reach the voice-call agent when inbound policy was set to `allowlist` or `pairing`. Deployments that do not install/enable the `voice-call` extension are not affected. ### Affected Packages / Versions - `openclaw` (npm): `<= 2026.2.1` - Fixed in: `>= 2026.2.2` ### Details In affected versions (for example `2026.2.1`), the inbound allowlist check in `extensions/voice-call/src/manager.ts` used suffix-based matching and accepted empty caller IDs after normalization. This allowed two bypasses: 1. Missing/empty `from` values normalized to an empty string, which caused the allowlist predicate to evaluate as allowed. 2. Suffix-based matching meant any caller number whose digits ended with an allowlisted number would be accepted. ### Proof Of Concept 1. Configure the voice-call extension with `inboundPolicy: allowlist` and `allowFrom: ["+15550001234"]`. 2. Place/trigger an inbound call with missing/empty caller ID (provider-dependent; for example anonymous/restricted caller). The call is accepted. 3. Place a call from a number whose E.164 digits end with `15550001234` (for example `+99915550001234`). The call is accepted. ### Impact Only operators who install/enable the optional `voice-call` extension and use `inboundPolicy=allowlist` or `pairing` could have inbound access controls bypassed, potentially allowing unauthorized callers to reach auto-response and tool execution. ### Fix The fix hardens inbound policy handling: - Reject inbound calls when caller ID is missing. - Require strict equality when comparing normalized caller IDs against the allowlist (no suffix/prefix matching). - Add regression tests for missing caller ID, anonymous caller ID, and suffix-collision cases. Fix commit(s): - `f8dfd034f5d9235c5485f492a9e4ccc114e97fdb` Thanks @simecek for reporting.

How to fix CVE-2026-28446

To remediate CVE-2026-28446, upgrade the affected package to a fixed version below.

—upgrade to 2026.2.2 or later

Is CVE-2026-28446 being exploited?

Low — EPSS is 1.0%, meaning exploitation activity has not been observed at scale.

Source	Version	Severity	Vector
osv	CVSS 4.0	—	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
osv	CVSS 3.1	CRITICAL9.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

Description

How to fix CVE-2026-28446

Is CVE-2026-28446 being exploited?

Affected packages (1)

CVSS scores

References (6)