Lucene search
K

4 matches found

ATTACKERKB
ATTACKERKB
added 2026/04/28 6:9 p.m.5 views

CVE-2026-41402

OpenClaw before 2026.3.31 contains a scope bypass vulnerability in webhook replay cache deduplication that allows authenticated attackers to replay messages across sibling targets using the same messageId. Attackers can exploit overly broad cache keying to bypass replay protection and deliver...

4.2CVSS5.2AI score0.00266EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/04/28 6:9 p.m.4 views

CVE-2026-41395 OpenClaw < 2026.3.28 - Webhook Replay via Query Parameter Reordering in Plivo V3

OpenClaw before 2026.3.28 contains a webhook replay vulnerability in Plivo V3 signature verification that canonicalizes query ordering for signatures but hashes raw URLs for replay detection. Attackers can reorder query parameters to bypass replay cache detection and trigger duplicate voice-call...

8.2CVSS5.2AI score0.00149EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/28 6:9 p.m.28 views

CVE-2026-41395 OpenClaw < 2026.3.28 - Webhook Replay via Query Parameter Reordering in Plivo V3

OpenClaw before 2026.3.28 contains a webhook replay vulnerability in Plivo V3 signature verification that canonicalizes query ordering for signatures but hashes raw URLs for replay detection. Attackers can reorder query parameters to bypass replay cache detection and trigger duplicate voice-call...

8.2CVSS0.00149EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/28 12:0 a.m.7 views

PT-2026-35779

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.28 Description An issue exists in Plivo V3 signature verification where the system canonicalizes query ordering for signatures but hashes raw URLs for replay detection. This allows attackers to reorder query...

8.2CVSS5.8AI score0.00149EPSS
Exploits0References5
Rows per page
Query Builder