
CVE-2026-28446 (CVSS 9.8): OpenClaw Voice Extension RCE — What You Need to Know
Published: March 2026 | Severity: Critical

A new critical vulnerability has been disclosed affecting OpenClaw's voice-call extension. CVE-2026-28446 carries a CVSS score of 9.8, near the maximum possible. If you're running OpenClaw with the voice extension, you need to act now.

What Is CVE-2026-28446?

CVE-2026-28446 is a Remote Code Execution (RCE) vulnerability in OpenClaw versions prior to 2026.2.1, specifically when the voice-call extension is installed and enabled.

A remote, unauthenticated attacker can exploit this vulnerability to execute arbitrary code on the host machine with the privileges of the OpenClaw process.

CVSS 9.8 puts this in the same category as the most dangerous vulnerabilities ever documented — the kind that enable complete host takeover without any user interaction.

Context: OpenClaw's Security Record

This is not OpenClaw's first critical CVE. It is part of a documented pattern:

CVE-2026-25253 (CVSS 8.8): One-click RCE via token theft. Malicious websites could
Continue reading on Dev.to




