PT-2026-25458 · Npm · Openclaw

Published

2026-03-03

·

Updated

2026-03-03

CVSS v3.1

3.7

Low

VectorAV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

The voice-call Twilio webhook path accepted replay/dedupe identity from unsigned request metadata (i-twilio-idempotency-token), enabling replayed signed requests to bypass replay detection and manager dedupe by mutating only that header.

Affected Packages / Versions

  • Package: openclaw (npm)
  • Affected versions: <= 2026.2.25 (latest published npm version at triage time)
  • Fixed on main: commit 1aadf26f9acc399affabd859937a09468a9c5cb4
  • Planned patched npm version: 2026.2.26

Impact

Deployments using the optional voice-call Twilio webhook path could accept replayed webhook events as fresh events when an attacker had one valid signed request and changed only the unsigned idempotency header.

Technical Details

The fix removes unsigned-header trust from Twilio replay/dedupe identity and binds replay/manager dedupe to authenticated request material. It also threads a verified request identity through provider parsing so dedupe uses verification-derived identity rather than mutable headers.

Fix Commit(s)

  • 1aadf26f9acc399affabd859937a09468a9c5cb4

Release Process Note

patched versions is pre-set to the planned next release (2026.2.26). After the npm release is published, this advisory can be published without additional version-field edits.
OpenClaw thanks @tdjackey for reporting.

Fix

Insufficient Verification of Data Authenticity

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-345CWE-294

Related Identifiers

GHSA-GCJ7-R3HG-M7W6

Affected Products

Openclaw