CVE-2026-32053

EPSS 0.06%
Veröffentlicht 21.03.2026 00:42:24
Zuletzt bearbeitet 24.03.2026 21:15:38
Quelle disclosure@vulncheck.com
CVE-Watchlists
Login
Unerledigt
Login

OpenClaw versions prior to 2026.2.23 contain a vulnerability in Twilio webhook event deduplication where normalized event IDs are randomized per parse, allowing replay events to bypass manager dedupe checks. Attackers can replay Twilio webhook events to trigger duplicate or stale call-state transitions, potentially causing incorrect call handling and state corruption.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 6

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

OpenClaw ≫ OpenClaw SwPlatformnode.js Version < 2026.2.23

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.181

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	3.9	2.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
disclosure@vulncheck.com	6.9	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
disclosure@vulncheck.com	6.5	3.9	2.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

CWE-294 Authentication Bypass by Capture-replay

A capture-replay flaw exists when the design of the product makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes).

https://github.com/openclaw/openclaw/security/advisories/GHSA-vqx8-9xxw-f2m7

Vendor Advisory

Mitigation

https://github.com/openclaw/openclaw/commit/1d28da55a5d0ff409e34999e0961157e9db0a2ab

Patch

https://www.vulncheck.com/advisories/openclaw-twilio-webhook-replay-bypass-via-randomized-event-id-normalization

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2026-32053

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-32053

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-32053

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-32053