Aristore

**Name of the Vulnerable Software and Affected Versions** OpenClaw versions prior to 2026.2.25 **Description** The software does not reliably track processed webhook events from Nextcloud Talk, which allows attackers to capture and reuse valid, signed requests. This replay of requests can lead to duplicate processing, potentially causing problems with data integrity or service availability. **Recommendations** Update to version 2026.2.25 or later.

**Name of the Vulnerable Software and Affected Versions** OpenClaw versions prior to 2026.2.25 **Description** OpenClaw versions prior to 2026.2.25 do not have durable replay state for Nextcloud Talk webhook events. This allows valid signed webhook requests to be replayed without suppression. Attackers can capture and replay previously valid signed webhook requests to trigger duplicate inbound message processing, potentially causing integrity or availability issues. The issue stems from the verification of `HMAC(secret, random + body)` without durable replay state tied to webhook events. The fix adds persistent per-account replay deduplication for Nextcloud Talk webhook events, replay checks before webhook side effects, and backend-origin validation. This is an integrity and availability issue scoped to deployments using Nextcloud Talk webhook integration. **Recommendations** OpenClaw versions prior to 2026.2.25 should be updated to version 2026.2.25 or later.