Skip to content
CVSS 7.5 · HIGH

CVE-2026-41395

OpenClaw before 2026.3.28 contains a webhook replay vulnerability in Plivo V3 signature verification that canonicalizes query ordering for signatures but hashes raw URLs for replay detection. Attackers can reorder query parameters to bypass replay cache detection and trigger duplicate voice-call processing with a captured valid signed webhook.

View on NVD

Analysis

This vulnerability affects OpenClaw's implementation of Plivo webhook verification, allowing for replay attacks that trigger duplicate voice calls. As this is a niche project for telephony integration rather than a widely used development tool or infrastructure component, it does not warrant a broad alert for the community.

Severity

Score: 7.5(HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
AV: NETWORK
AC: LOW
PR: NONE
UI: NONE
S: UNCHANGED
C: NONE
I: HIGH
A: NONE
Weakness (CWE): CWE-325

EPSS

Probability of exploitation (next 30 days): 0.0002 (0.0%)
Percentile: 4.1%
EPSS: 2026-05-06

Affects

openclaw:openclaw

Technical description

OpenClaw before 2026.3.28 contains a webhook replay vulnerability in Plivo V3 signature verification that canonicalizes query ordering for signatures but hashes raw URLs for replay detection. Attackers can reorder query parameters to bypass replay cache detection and trigger duplicate voice-call processing with a captured valid signed webhook.

Published: 4/28/2026, 7:37:42 PM
Last modified: 4/30/2026, 8:45:25 PM

References

HomeEventsBlogResourcesTeam