GHSA-4HG8-92X6-H2F3 OpenClaw is Missing Webhook Authentication in Telnyx Provider Allows Unauthenticated Requests
Summary In affected versions, OpenClaw's optional @openclaw/voice-call plugin Telnyx webhook handler could accept unsigned inbound webhook requests when telnyx.publicKey was not configured, allowing unauthenticated callers to forge Telnyx events. This only impacts deployments where the Voice Call...