CVE-2026-41402
Received Received - Intake
Scope Bypass in OpenClaw Webhook Cache Enables Replay Attacks

Publication date: 2026-04-28

Last updated on: 2026-04-30

Assigner: VulnCheck

Description
OpenClaw before 2026.3.31 contains a scope bypass vulnerability in webhook replay cache deduplication that allows authenticated attackers to replay messages across sibling targets using the same messageId. Attackers can exploit overly broad cache keying to bypass replay protection and deliver duplicate webhook messages to unintended targets.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-28
Last Modified
2026-04-30
Generated
2026-06-16
AI Q&A
2026-04-28
EPSS Evaluated
2026-06-14
NVD
CVE-2026-41402
EUVD
EUVD-2026-26109
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
openclaw openclaw to 2026.3.31 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-706 The product uses a name or reference to access a resource, but the name/reference resolves to a resource that is outside of the intended control sphere.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in OpenClaw versions before 2026.3.31 and involves a scope bypass in the webhook replay cache deduplication mechanism.

Authenticated attackers can exploit this flaw by replaying messages across sibling targets that share the same messageId.

The root cause is overly broad cache keying, which allows attackers to bypass replay protection and deliver duplicate webhook messages to unintended targets.

Impact Analysis

The vulnerability allows attackers to bypass replay protection and send duplicate webhook messages to unintended targets.

This could lead to confusion or unintended processing of repeated webhook events by sibling targets, potentially causing inconsistent system behavior or unauthorized actions triggered by replayed messages.

Mitigation Strategies

To mitigate the CVE-2026-41402 vulnerability, you should upgrade OpenClaw to version 2026.3.31 or later, as this version contains the fix for the scope bypass issue in the webhook replay cache deduplication mechanism.

This update addresses the overly broad cache keying that allowed authenticated attackers to replay webhook messages across sibling targets, thereby restoring proper replay protection.

Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-41402. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart