CVE-2026-32053
Replay Vulnerability in OpenClaw Twilio Webhook Event Deduplication
Publication date: 2026-03-21
Last updated on: 2026-03-24
Assigner: VulnCheck
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| openclaw | openclaw | before 2026.2.23 (2026.2.23 itself not affected) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-294 | A capture-replay flaw exists when the design of the product makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes). |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-32053 is a vulnerability in OpenClaw versions prior to 2026.2.23 related to Twilio webhook event deduplication.

The problem arises because normalized event IDs are randomized each time they are parsed, which allows attackers to replay Twilio webhook events that bypass the system's deduplication checks.

This replay attack can cause duplicate or stale call-state transitions, potentially leading to incorrect call handling and corruption of call state. [2, 3]
How can this vulnerability impact me?
This vulnerability allows attackers to replay Twilio webhook events, which can bypass the voice-call manager's deduplication mechanism.

As a result, duplicate or stale call-state transitions may be triggered, potentially causing incorrect call handling and state corruption.

This can disrupt call management, leading to unreliable or erroneous call behavior. [2, 3]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
To mitigate CVE-2026-32053 in OpenClaw, upgrade to version 2026.2.23 or later, where the issue is fixed.
- Upgrade OpenClaw to version 2026.2.23, which preserves the original provider event IDs during normalization.
- Ensure bounded replay deduplication is implemented within webhook security validation.
- Enforce per-call turn-token checks on call-state transitions to prevent replayed events from bypassing authentication and authorization.
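The following JavaScript illustration is added here to make the first two mitigation points concrete; it is not OpenClaw's code, and the webhook field names and the CallSid-plus-SequenceNumber identity are assumptions. It contrasts a normalizer that mints a random ID on every parse (so a replayed event always looks new) with one that preserves the provider's event identity, both feeding a bounded replay cache.

```javascript
// Constructed sample webhook payload (field names modelled on Twilio status
// callbacks; this is not captured traffic). Parsing it twice simulates a replay.
const SAMPLE_EVENT = { CallSid: "CAconstructed0001", CallStatus: "in-progress", SequenceNumber: "3" };

// Flawed normalization: mints a fresh random ID on every parse, so a replayed
// webhook never matches anything the deduplication cache has already seen.
function normalizeRandomized(raw) {
  return { id: Math.random().toString(36).slice(2), callSid: raw.CallSid, status: raw.CallStatus };
}

// Fixed normalization: derive the ID from the provider's own event identity
// (here CallSid plus SequenceNumber; the exact composition is an assumption).
function normalizePreserving(raw) {
  return { id: `${raw.CallSid}:${raw.SequenceNumber}`, callSid: raw.CallSid, status: raw.CallStatus };
}

// Bounded replay cache: remembers at most `max` IDs, each for `ttlMs` milliseconds,
// so memory cannot grow without limit under a flood of unique events.
class ReplayCache {
  constructor(max = 1000, ttlMs = 5 * 60 * 1000) {
    this.max = max; this.ttlMs = ttlMs; this.seen = new Map(); // Map keeps insertion order
  }
  // True the first time `id` is seen inside the window; false on a replay.
  accept(id, now = Date.now()) {
    for (const [k, t] of this.seen) if (now - t > this.ttlMs) this.seen.delete(k); // expire old
    if (this.seen.has(id)) return false;
    if (this.seen.size >= this.max) this.seen.delete(this.seen.keys().next().value); // evict oldest
    this.seen.set(id, now);
    return true;
  }
}

// Deliver the same raw webhook `times` times and count how many call-state
// transitions would be applied after deduplication.
function countAppliedTransitions(normalize, raw, times = 2) {
  const cache = new ReplayCache();
  let applied = 0;
  for (let i = 0; i < times; i++) {
    if (cache.accept(normalize(raw).id)) applied++;
  }
  return applied;
}

console.log("randomized IDs:", countAppliedTransitions(normalizeRandomized, SAMPLE_EVENT)); // 2
console.log("preserved IDs: ", countAppliedTransitions(normalizePreserving, SAMPLE_EVENT)); // 1
```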