Webhook Replay Vulnerability in OpenClaw Affects Plivo V3 Signature Verification
CVE-2026-41395

8.2 HIGH

Key Information:

Vendor: Openclaw
Status: Vendor
CVE Published: 28 April 2026

What is CVE-2026-41395?

OpenClaw versions prior to 2026.3.28 are susceptible to a webhook replay vulnerability in the Plivo V3 signature verification process. The flaw arises because the signature check canonicalizes the order of query parameters, while replay detection hashes the raw URL. An attacker who has captured a valid signed webhook can resend it with its query parameters reordered: the signature still verifies against the canonical form, but the reordered URL hashes to a different replay-cache key, so the duplicate is not detected. The result is unauthorized duplicate processing of the voice call that the captured webhook triggered.
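As an added illustration, not code from OpenClaw or Plivo, the model below assumes a simplified V3-style signature of base64(HMAC-SHA256(auth_token, canonical_url + nonce)) and shows the replay cache keyed on the raw URL (the vulnerable behaviour described above) beside the fixed cache keyed on the same canonical URL plus nonce that the signature covers. The auth token and URLs are constructed values.

```python
import base64
import hashlib
import hmac
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Constructed secret for the demo; a real receiver uses the account's Plivo auth token.
AUTH_TOKEN = b"example-auth-token-not-real"


def canonical_url(url: str) -> str:
    """Rebuild the URL with its query parameters in sorted order.
    This is the form the signature covers, so URLs that differ only in
    parameter order verify as the same signed message."""
    parts = urlsplit(url)
    query = urlencode(sorted(parse_qsl(parts.query, keep_blank_values=True)))
    return urlunsplit((parts.scheme, parts.netloc, parts.path, query, ""))


def sign(url: str, nonce: str) -> str:
    """Simplified V3-style signature (assumed): base64(HMAC-SHA256(token, canonical_url + nonce))."""
    msg = (canonical_url(url) + nonce).encode()
    return base64.b64encode(hmac.new(AUTH_TOKEN, msg, hashlib.sha256).digest()).decode()


def verify(url: str, nonce: str, signature: str) -> bool:
    return hmac.compare_digest(sign(url, nonce), signature)


class WebhookReceiver:
    """Signature check plus replay cache; canonical_replay_key=True is the fixed behaviour."""

    def __init__(self, canonical_replay_key: bool):
        self.canonical_replay_key = canonical_replay_key
        self.seen: set[str] = set()

    def replay_key(self, url: str, nonce: str) -> str:
        if self.canonical_replay_key:
            material = canonical_url(url) + nonce  # fixed: key on exactly what the signature covers
        else:
            material = url  # vulnerable: raw URL, so a reordered query string gets a fresh key
        return hashlib.sha256(material.encode()).hexdigest()

    def handle(self, url: str, nonce: str, signature: str) -> str:
        if not verify(url, nonce, signature):
            return "rejected: bad signature"
        key = self.replay_key(url, nonce)
        if key in self.seen:
            return "rejected: replay"
        self.seen.add(key)
        return "processed"
```

The fixed receiver also needs an expiry on the `seen` set in production, since a nonce-keyed cache grows without bound otherwise.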

Affected Version(s)

OpenClaw, all versions from 0 up to (but not including) 2026.3.28

OpenClaw 2026.3.28

CVSS V4

Score: 8.2
Severity: HIGH
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: Physical
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability reserved

Credit

zsx (@zsxsoft), KeenSecurityLab