PT-2026-26735 · Openclaw · Openclaw

Jisung

Publicado

2026-03-03

Atualizado

2026-03-21

CVE-2026-32053

CVSS v4.0

6.9

Média

Vetor

AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.2.23

Description OpenClaw contains a flaw in Twilio webhook event deduplication. Normalized event IDs are randomized during parsing, which allows replay events to bypass deduplication checks. This can lead to attackers replaying Twilio webhook events, triggering duplicate or stale call-state transitions, and potentially causing incorrect call handling and state corruption.

Recommendations Update OpenClaw to version 2026.2.23 or later.

Correção

Incorrect Authorization

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-863CWE-294

Identificadores relacionados

CVE-2026-32053

GHSA-3R78-RQG8-95GG

GHSA-VQX8-9XXW-F2M7

Produtos afetados

Openclaw

PT-2026-26735 · Openclaw · Openclaw

CVE-2026-32053

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 11