OpenClaw voice-call media stream validated streams after upgrade, which could allow pre-start unauthenticated sockets to increase resource pressure

Summary

@openclaw/voice-call (and the bundled copy shipped in openclaw) accepted media-stream WebSocket upgrades before stream validation. In reachable deployments, unauthenticated pre-start sockets could be held open and increase resource pressure.

Affected Packages / Versions

• openclaw (npm): vulnerable <= 2026.2.21-2, patched in 2026.2.22.
• @openclaw/voice-call (npm): vulnerable <= 2026.2.21, patched in 2026.2.22.

Technical Details

Before this fix, the voice-call media-stream path upgraded sockets first and ran shouldAcceptStream() after a later start frame. This created a pre-auth window where remote clients could hold idle sockets without call/token validation.

Impact

Availability risk in deployments where the media-stream endpoint is reachable and streaming is enabled. Under sustained abuse, this could consume connection-related resources and degrade service for legitimate streams.

Remediation

The fix adds layered controls in the media-stream path:

• strict pre-start timeout (close sockets that do not send a valid start frame quickly)
• global pending-connection cap
• per-IP pending-connection cap
• total open media-stream connection cap
• safer upgrade-path parsing in the webhook server

Fix Commit(s)

• 1d8968c8a821ff1a05c294a1846b3bcb6f343794

Release Process Note

patched_versions is pre-set to 2026.2.22 so this advisory is ready to publish once npm openclaw@2026.2.22 and @openclaw/voice-call@2026.2.22 are released.

OpenClaw thanks @jiseoung for reporting.