Security Advisories
Source: GitHub Security Advisories

[@openclaw/voice-call] OpenClaw voice-call media stream validated streams after upgrade, which could allow pre-start unauthenticated sockets to increase resource pressure

By GitHub
March 3, 2026

**Summary**

@openclaw/voice-call (and the bundled copy shipped in openclaw) accepted media-stream WebSocket upgrades before stream validation. In reachable deployments, unauthenticated pre-start sockets could be held open and increase resource pressure.

**Affected Packages / Versions**

- openclaw (npm): vulnerable <= 2026.2.21-2, patched in 2026.2.22.
- @openclaw/voice-call (npm): vulnerable <= 2026.2.21, patched in 2026.2.22.

**Technical Details**

Before this fix, the voice-call media-stream path upgraded sockets first and ran shouldAcceptStream() after a later start frame...
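The excerpt above does not show the patched code, so the following is an added example, not OpenClaw's code or its fix: one general way to bound sockets that have upgraded but not yet sent a valid start frame, using a cap on pending sockets and a start deadline. `PreStartGate`, `maxPending`, `startTimeoutMs` and the `validate` callback are hypothetical names, and sockets are modelled as plain ids with a fake clock.

```javascript
// Added example: bounds sockets that upgraded but have not sent a valid start frame.
// PreStartGate, maxPending and startTimeoutMs are hypothetical, not OpenClaw APIs.
class PreStartGate {
  constructor({ maxPending, startTimeoutMs }) {
    this.maxPending = maxPending;
    this.startTimeoutMs = startTimeoutMs;
    this.pending = new Map(); // socketId -> deadline (ms)
    this.active = new Set();  // sockets whose start frame passed validation
  }

  // Call at upgrade time. Returns false when the socket should be refused.
  admit(socketId, now) {
    if (this.pending.size >= this.maxPending) return false;
    this.pending.set(socketId, now + this.startTimeoutMs);
    return true;
  }

  // Call when a start frame arrives; `validate` stands in for the stream check.
  onStart(socketId, streamId, validate, now) {
    const deadline = this.pending.get(socketId);
    if (deadline === undefined) return "unknown";
    this.pending.delete(socketId);
    if (now > deadline || !validate(streamId)) return "closed";
    this.active.add(socketId);
    return "accepted";
  }

  // Call periodically; returns ids of sockets to close because they never started.
  sweep(now) {
    const expired = [];
    for (const [id, deadline] of this.pending) {
      if (now > deadline) { expired.push(id); this.pending.delete(id); }
    }
    return expired;
  }
}

// Constructed scenario with a fake clock (milliseconds) and constructed stream ids.
function demo() {
  const gate = new PreStartGate({ maxPending: 2, startTimeoutMs: 5000 });
  const known = new Set(["stream-ok"]);
  const validate = (id) => known.has(id);
  const admitted = ["a", "b", "c"].map((id) => gate.admit(id, 0));
  const started = gate.onStart("a", "stream-ok", validate, 1000);
  const rejected = gate.onStart("b", "stream-bad", validate, 1200);
  gate.admit("d", 2000);
  const swept = gate.sweep(8000);
  return { admitted, started, rejected, swept, active: [...gate.active] };
}
```

In a real server the `admit` decision would be taken before or at the upgrade, and every id returned by `sweep` would have its socket closed.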

---

**[devsupporter commentary]**

This article is a recent development update provided by GitHub Security Advisories. To learn more about the related tools or technologies, refer to the original link.