CVE-2026-41355 affects OpenClaw versions before 2026.3.28. In mirror mode, untrusted sandbox files can be converted into workspace hooks, allowing an attacker with mirror mode access to execute arbitrary code on the host during gateway startup. The published vulnerability data classifies the issue as medium severity and links it to CWE-829.
CVE-2026-32062 affects OpenClaw versions from 2026.2.21-2 up to, but not including, 2026.2.22, and @openclaw/voice-call versions from 2026.2.21 up to, but not including, 2026.2.22. The issue lets media-stream WebSocket upgrades complete before stream validation, so unauthenticated clients can keep idle sockets open and consume connection resources until service availability degrades.
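
The mitigation pattern for the CVE-2026-32062 class of bug, validating the stream while the request is still plain HTTP and bounding sockets per client, is sketched below as an added example; it is not OpenClaw's code or its actual fix. The path `/voice/stream`, the `token` query parameter, the `pendingStreams` map and the `createUpgradeGate` name are all assumptions made for illustration.

```javascript
// Added example with hypothetical names; not taken from OpenClaw.
// Decides on a media-stream upgrade request BEFORE the WebSocket handshake completes.
function createUpgradeGate({ pendingStreams, maxPerIp = 4, streamPath = "/voice/stream" }) {
  const openByIp = new Map(); // ip -> number of accepted, still-open sockets

  function check(req, ip) {
    const url = new URL(req.url, "http://localhost"); // base is only needed for parsing
    if (url.pathname !== streamPath) return { accept: false, status: 404 };
    const token = url.searchParams.get("token");
    // Missing or unknown tokens are refused here, so no socket is ever upgraded for them.
    if (!token || !pendingStreams.has(token)) return { accept: false, status: 401 };
    const open = openByIp.get(ip) || 0;
    // Cap concurrent sockets per client; the token is kept so the caller can retry later.
    if (open >= maxPerIp) return { accept: false, status: 429 };
    const streamId = pendingStreams.get(token);
    pendingStreams.delete(token); // single use: a replayed token gets 401
    openByIp.set(ip, open + 1);
    return { accept: true, status: 101, streamId };
  }

  // Call when an accepted socket closes so the per-client count stays accurate.
  function release(ip) {
    const open = openByIp.get(ip) || 0;
    if (open <= 1) openByIp.delete(ip);
    else openByIp.set(ip, open - 1);
  }

  return { check, release };
}

// Wiring sketch for the Node.js http server 'upgrade' event (assumed deployment):
//   server.on("upgrade", (req, socket, head) => {
//     const ip = socket.remoteAddress;
//     const d = gate.check(req, ip);
//     if (!d.accept) { socket.end(`HTTP/1.1 ${d.status} Rejected\r\n\r\n`); return; }
//     socket.once("close", () => gate.release(ip));
//     // hand req, socket and head to the WebSocket library only at this point
//   });
```

Rejected requests are closed with a plain HTTP status and never reach the WebSocket layer, so an unauthenticated client cannot hold an upgraded socket idle.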