Cyber Resilience

CVE-2026-28446

CriticalPublic PoC

Published: 05 March 2026

Published
05 March 2026
Modified
11 March 2026
KEV Added
Patch
CVSS Score v4 9.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0065 46.4th percentile
Risk Priority 70 floored blend · peak EPSS

Summary

CVE-2026-28446 is a critical-severity Incorrect Implementation of Authentication Algorithm (CWE-303) vulnerability in Openclaw Openclaw. Its CVSS base score is 9.2 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 46.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and IA-8 (Identification and Authentication (Non-organizational Users)).

Deeper analysis

CVE-2026-28446 is an authentication bypass vulnerability in OpenClaw versions prior to 2026.2.1 when the voice-call extension is installed and enabled. The flaw occurs in inbound allowlist policy validation, which incorrectly accepts empty caller IDs and performs suffix-based matching instead of strict equality checks. Published on 2026-03-05, it carries a CVSS v3.1 base score of 9.4 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L) and is associated with CWE-303.

Remote, unauthenticated attackers can exploit this vulnerability over the network with low complexity and no user interaction. By placing calls with missing caller IDs or phone numbers ending in allowlisted digits, they bypass inbound access controls, gain access to the voice-call agent, and execute arbitrary tools.

Advisories recommend upgrading to OpenClaw 2026.2.1 or later to mitigate the issue. Relevant resources include the fixing GitHub commit at https://github.com/openclaw/openclaw/commit/f8dfd034f5d9235c5485f492a9e4ccc114e97fdb, the GitHub Security Advisory at https://github.com/openclaw/openclaw/security/advisories/GHSA-4rj2-gpmh-qq5x, and the Vulncheck advisory at https://www.vulncheck.com/advisories/openclaw-inbound-allowlist-policy-bypass-in-voice-call-extension-via-empty-caller-id.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

OpenClaw versions prior to 2026.2.1 with the voice-call extension installed and enabled contain an authentication bypass vulnerability in inbound allowlist policy validation that accepts empty caller IDs and uses suffix-based matching instead of strict equality. Remote attackers can bypass inbound…

more

access controls by placing calls with missing caller IDs or numbers ending with allowlisted digits to reach the voice-call agent and execute tools.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

The vulnerability is an authentication bypass in a public-facing voice-call service (AV:N/PR:N), enabling remote unauthenticated exploitation to execute arbitrary tools, directly mapping to T1190: Exploit Public-Facing Application.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-32924Same product: Openclaw Openclaw
CVE-2026-41394Same product: Openclaw Openclaw
CVE-2026-43573Same product: Openclaw Openclaw
CVE-2026-31989Same product: Openclaw Openclaw
CVE-2026-28472Same product: Openclaw Openclaw
CVE-2026-41395Same product: Openclaw Openclaw
CVE-2026-32004Same product: Openclaw Openclaw
CVE-2026-43580Same product: Openclaw Openclaw
CVE-2026-35637Same product: Openclaw Openclaw
CVE-2026-35622Same product: Openclaw Openclaw

Affected Assets

openclaw
openclaw
≤ 2026.2.2

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly addresses the authentication bypass by enforcing strict inbound allowlist policy validation with exact caller ID matching to prevent unauthorized access to the voice-call agent.

prevent

Mitigates the vulnerability by requiring validation of caller ID inputs to reject empty values and enforce strict equality instead of suffix-based matching.

prevent

Ensures non-organizational users such as remote callers are properly identified and authenticated, preventing bypass via missing or malformed caller IDs.

References