Openclaw · Openclaw · CVE-2026-41354
**Name of the Vulnerable Software and Affected Versions**
OpenClaw versions prior to 2026.4.2
**Description**
The replay deduplication keys used for Zalo webhooks are insufficiently scoped, so legitimate events from different senders or conversations can collide on the same key. An attacker can exploit this weak deduplication scoping to cause silent message suppression and disrupt bot workflows across chat sessions.
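The collision described above, and a key scoped tightly enough to avoid it, as an added example that is not OpenClaw's code. The event field names (`accountId`, `conversationId`, `senderId`, `eventName`, `messageId`), both key layouts, and the `ReplayGuard` class are hypothetical, since the advisory does not say what the real key contains.

```javascript
// Added illustration: field names and key layouts are hypothetical,
// not OpenClaw's code and not Zalo's webhook schema.
class ReplayGuard {
  constructor(keyFn, ttlMs = 5 * 60 * 1000) {
    this.keyFn = keyFn;
    this.ttlMs = ttlMs;
    this.seen = new Map(); // dedupe key -> expiry time (ms)
  }
  // true = process the event, false = dropped as a replay.
  accept(event, now = Date.now()) {
    for (const [key, expiry] of this.seen) {
      if (expiry <= now) this.seen.delete(key);
    }
    const key = this.keyFn(event);
    if (this.seen.has(key)) return false;
    this.seen.set(key, now + this.ttlMs);
    return true;
  }
}

// Under-scoped: only the message id, so unrelated chats share a key space.
const narrowKey = (e) => `zalo:${e.messageId}`;

// Scoped: account, conversation, sender, event type and message id.
// Length prefixes keep "ab"+"c" and "a"+"bc" from producing the same key.
const SCOPE_FIELDS = ["accountId", "conversationId", "senderId", "eventName", "messageId"];
function scopedKey(e) {
  const parts = SCOPE_FIELDS.map((field) => {
    if (e[field] === undefined || e[field] === null || e[field] === "") {
      throw new Error(`cannot scope dedupe key: missing ${field}`);
    }
    const value = String(e[field]);
    return `${value.length}:${value}`;
  });
  return `zalo|${parts.join("|")}`;
}

// Constructed sample: two distinct legitimate events, then a true replay of the first.
const SAMPLE_EVENTS = [
  { accountId: "bot-1", conversationId: "c1", senderId: "u1", eventName: "message.text", messageId: "1001" },
  { accountId: "bot-1", conversationId: "c2", senderId: "u2", eventName: "message.text", messageId: "1001" },
  { accountId: "bot-1", conversationId: "c1", senderId: "u1", eventName: "message.text", messageId: "1001" },
];

function decisions(keyFn, events = SAMPLE_EVENTS) {
  const guard = new ReplayGuard(keyFn);
  return events.map((e) => guard.accept(e, 1000));
}

console.log({ narrow: decisions(narrowKey), scoped: decisions(scopedKey) });
```

With the narrow key the second, unrelated event is dropped without any error; with the scoped key only the genuine replay is dropped, and an event missing a scope field is rejected instead of being keyed loosely.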
**Recommendations**
Update to version 2026.4.2.