Skip to content
CVSS 7.5 · HIGH

CVE-2026-41395

OpenClaw before 2026.3.28 contains a webhook replay vulnerability in Plivo V3 signature verification that canonicalizes query ordering for signatures but hashes raw URLs for replay detection. Attackers can reorder query parameters to bypass replay cache detection and trigger duplicate voice-call processing with a captured valid signed webhook.

Ver en NVD

Análisis

This vulnerability affects OpenClaw's implementation of Plivo webhook verification, allowing for replay attacks that trigger duplicate voice calls. As this is a niche project for telephony integration rather than a widely used development tool or infrastructure component, it does not warrant a broad alert for the community.

Severidad

Puntaje: 7.5(HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
AV: NETWORK
AC: LOW
PR: NONE
UI: NONE
S: UNCHANGED
C: NONE
I: HIGH
A: NONE
Tipo de falla (CWE): CWE-325

EPSS

Probabilidad de explotación (próx. 30 días): 0.0002 (0.0%)
Percentil: 4.1%
EPSS: 2026-05-06

Afecta

openclaw:openclaw

Descripción técnica

OpenClaw before 2026.3.28 contains a webhook replay vulnerability in Plivo V3 signature verification that canonicalizes query ordering for signatures but hashes raw URLs for replay detection. Attackers can reorder query parameters to bypass replay cache detection and trigger duplicate voice-call processing with a captured valid signed webhook.

Publicada: 28/4/2026, 19:37:42
Última modificación: 30/4/2026, 20:45:25

Referencias

InicioEventosBlogRecursosEquipo