CVE-2026-28465
Improper Authentication in OpenClaw Voice-Call Plugin Enables Webhook Spoofing
Publication date: 2026-03-05
Last updated on: 2026-03-10
Assigner: VulnCheck
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| openclaw | openclaw | < 2026.2.3 (2026.2.3 itself excluded) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-290 | Authentication Bypass by Spoofing: an incorrectly implemented authentication scheme that can be satisfied by spoofed data (here, attacker-supplied proxy headers). |
| CWE-345 | Insufficient Verification of Data Authenticity: the product does not sufficiently verify the origin or authenticity of data, so it accepts invalid data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in OpenClaw's voice-call plugin versions before 2026.2.3. It is an improper authentication vulnerability related to webhook verification. Specifically, remote attackers can bypass the verification process by supplying untrusted forwarded headers such as Forwarded or X-Forwarded-* headers. This is possible in reverse-proxy configurations that implicitly trust these headers, allowing attackers to spoof webhook events.
How can this vulnerability impact me?:
The impact of this vulnerability is that attackers can remotely bypass webhook verification and spoof webhook events. This means unauthorized or malicious webhook events could be accepted as legitimate, potentially leading to unauthorized actions or data manipulation within systems relying on these webhooks.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know