VulnCheck · NVD-CWE-noinfo · Published 2026-02-17
OpenClaw versions prior to 2026.2.1 with the voice-call extension installed and enabled contain an authentication bypass vulnerability in inbound allowlist policy validation that accepts empty caller IDs and uses suffix-based matching instead of strict equality. Remote attackers can bypass inbound access controls by placing calls with missing caller IDs or numbers ending with allowlisted digits to reach the voice-call agent and execute tools.
### Summary

An authentication bypass in the optional `voice-call` extension/plugin allowed unapproved or anonymous callers to reach the voice-call agent when inbound policy was set to `allowlist` or `pairing`. Deployments that do not install/enable the `voice-call` extension are not affected.

### Affected Packages / Versions

- `openclaw` (npm): `<= 2026.2.1`
- Fixed in: `>= 2026.2.2`

### Details

In affected versions (for example `2026.2.1`), the inbound allowlist check in `extensions/voice-call/src/manager.ts` used suffix-based matching and accepted empty caller IDs after normalization. This allowed two bypasses:

1. Missing/empty `from` values normalized to an empty string, which caused the allowlist predicate to evaluate as allowed.
2. Suffix-based matching meant any caller number whose digits ended with an allowlisted number would be accepted.

### Proof Of Concept

1. Configure the voice-call extension with `inboundPolicy: allowlist` and `allowFrom: ["+15550001234"]`.
2. Place/trigger an inbound call with missing/empty caller ID (provider-dependent; for example anonymous/restricted caller). The call is accepted.
3. Place a call from a number whose E.164 digits end with `15550001234` (for example `+99915550001234`). The call is accepted.

### Impact

Only operators who install/enable the optional `voice-call` extension and use `inboundPolicy=allowlist` or `pairing` could have inbound access controls bypassed, potentially allowing unauthorized callers to reach auto-response and tool execution.

### Fix

The fix hardens inbound policy handling:

- Reject inbound calls when caller ID is missing.
- Require strict equality when comparing normalized caller IDs against the allowlist (no suffix/prefix matching).
- Add regression tests for missing caller ID, anonymous caller ID, and suffix-collision cases.

Fix commit(s):

- `f8dfd034f5d9235c5485f492a9e4ccc114e97fdb`

Thanks @simecek for reporting.
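To make the two bypasses and the fix concrete, here is an added TypeScript example that is not OpenClaw's code and does not reproduce `manager.ts`. It models an inbound allowlist predicate in the shape the advisory describes: a vulnerable form in which suffix matching and an empty normalized caller ID both evaluate as allowed, beside a hardened form that rejects missing caller IDs and compares normalized numbers by strict equality. The function and type names (`normalizeCallerId`, `isAllowedVulnerable`, `isAllowedFixed`, `InboundConfig`, `runRegressionCases`) and the digits-only normalization are assumptions; the sample configuration and caller IDs are constructed from the advisory's proof-of-concept values.

```typescript
// Added example, not OpenClaw's implementation. Models the advisory's
// description of the voice-call inbound allowlist check; all names and the
// normalization rule are assumptions.

interface InboundConfig {
  allowFrom: string[]; // allowlisted numbers as configured, e.g. "+15550001234"
}

// Assumed normalization: keep digits only, so "+1 (555) 000-1234" and
// "+15550001234" compare equal. Anything without digits ("anonymous",
// "restricted", undefined) collapses to "" -- the case the fix must reject.
function normalizeCallerId(raw: string | undefined | null): string {
  if (raw === undefined || raw === null) return "";
  return raw.replace(/[^0-9]/g, "");
}

// Vulnerable form (constructed, not the project's exact expression): a
// bidirectional suffix comparison exhibits both reported bypasses at once.
//   - suffix collision: "99915550001234".endsWith("15550001234") is true
//   - empty caller:     "15550001234".endsWith("") is always true
function isAllowedVulnerable(from: string | undefined, cfg: InboundConfig): boolean {
  const caller = normalizeCallerId(from);
  return cfg.allowFrom.some((entry) => {
    const allowed = normalizeCallerId(entry);
    return caller.endsWith(allowed) || allowed.endsWith(caller);
  });
}

// Hardened form, following the advisory's fix description:
//   1. a missing/empty caller ID is rejected, never treated as a match
//   2. membership is strict equality on normalized numbers (no suffix/prefix)
function isAllowedFixed(from: string | undefined, cfg: InboundConfig): boolean {
  const caller = normalizeCallerId(from);
  if (caller === "") return false;
  const allow = new Set(
    cfg.allowFrom.map(normalizeCallerId).filter((n) => n !== ""),
  );
  return allow.has(caller);
}

// Regression cases mirroring the advisory: missing caller ID, anonymous
// caller ID, suffix collision, and an exact (formatted) match. Returns the
// decision of both predicates per case so the difference is visible.
interface CaseResult {
  label: string;
  vulnerable: boolean;
  fixed: boolean;
}

function runRegressionCases(): CaseResult[] {
  // Constructed configuration from the advisory's proof of concept.
  const cfg: InboundConfig = { allowFrom: ["+15550001234"] };
  const cases: Array<[string, string | undefined]> = [
    ["missing caller ID", undefined],
    ["anonymous caller ID", "anonymous"],
    ["suffix collision", "+99915550001234"],
    ["exact match", "+15550001234"],
    ["exact match, formatted", "+1 (555) 000-1234"],
  ];
  return cases.map(([label, from]) => ({
    label,
    vulnerable: isAllowedVulnerable(from, cfg),
    fixed: isAllowedFixed(from, cfg),
  }));
}

for (const r of runRegressionCases()) {
  console.log(`${r.label.padEnd(24)} vulnerable=${r.vulnerable} fixed=${r.fixed}`);
}
```

The hardened predicate deliberately drops empty entries from the allowlist as well, so a blank `allowFrom` element cannot become a wildcard after normalization. A useful deployment check is to log the normalized caller ID together with the decision and alert on rejected calls whose normalized ID is empty, since those are exactly the calls the vulnerable version would have admitted.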
| CVSS version | Type | Source | Base score | Exploitability | Impact | Vector |
|---|---|---|---|---|---|---|
| 3.1 | Primary | NVD | 9.8 | 3.9 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| 3.1 | Primary | cve.org | 9.4 | — | — | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L |
| 3.1 | Secondary | GHSA | 9.4 | — | — | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L |
| 3.1 | Secondary | NVD | 9.4 | 3.9 | 5.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L |
| 4.0 | Primary | cve.org | 9.2 | — | — | CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N |
| 4.0 | Secondary | GHSA | 9.2 | — | — | CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| 4.0 | Secondary | NVD | 9.2 | — | — | CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |