32 matches found
EUVD-2026-25335
OpenClaw before 2026.3.31 contains a replay detection bypass vulnerability in webhook signature handling that treats Base64 and Base64URL encoded signatures as distinct requests. Attackers can re-encode Telnyx webhook signatures to bypass replay detection while maintaining valid signature...
Duplicate Advisory: OpenClaw: Telnyx Webhook Replay Detection Bypass via Base64 Signature Re-encoding
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-37v6-fxx8-xjmx. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.31 contains a replay detection bypass vulnerability in webhook signature handling that treats...
CVE-2026-41351
OpenClaw before 2026.3.31 contains a replay detection bypass vulnerability in webhook signature handling that treats Base64 and Base64URL encoded signatures as distinct requests. Attackers can re-encode Telnyx webhook signatures to bypass replay detection while maintaining valid signature...
PT-2026-34782
OpenClaw before 2026.3.31 contains a replay detection bypass vulnerability in webhook signature handling that treats Base64 and Base64URL encoded signatures as distinct requests. Attackers can re-encode Telnyx webhook signatures to bypass replay detection while maintaining valid signature...
OpenClaw 安全漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.31 contained security vulnerabilities. These vulnerabilities stemmed from a bypass vulnerability in the webhook signature processing mechanism. The vulnerability allowed attacke...
GHSA-37V6-FXX8-XJMX OpenClaw: Telnyx Webhook Replay Detection Bypass via Base64 Signature Re-encoding
Summary Telnyx Webhook Replay Detection Bypass via Base64 Signature Re-encoding Current Maintainer Triage - Status: narrow - Normalized severity: low - Assessment: Shipped v2026.3.28 replay hashing treated equivalent Telnyx Base64/Base64URL signatures as distinct requests, but signature...
OpenClaw: Telnyx Webhook Replay Detection Bypass via Base64 Signature Re-encoding
Summary Telnyx Webhook Replay Detection Bypass via Base64 Signature Re-encoding Current Maintainer Triage - Status: narrow - Normalized severity: low - Assessment: Shipped v2026.3.28 replay hashing treated equivalent Telnyx Base64/Base64URL signatures as distinct requests, but signature...
Telnyx has malicious code in PyPI versions 4.87.1 and 4.87.2
Summary On March 27, 2026, a threat actor used compromised PyPI credentials to publish malicious versions 4.87.1 and 4.87.2 of the telnyx Python package directly to PyPI. These versions contain credential-stealing malware and were not published through the legitimate GitHub release pipeline...
GHSA-955R-262C-33JC Telnyx has malicious code in PyPI versions 4.87.1 and 4.87.2
Summary On March 27, 2026, a threat actor used compromised PyPI credentials to publish malicious versions 4.87.1 and 4.87.2 of the telnyx Python package directly to PyPI. These versions contain credential-stealing malware and were not published through the legitimate GitHub release pipeline...
TeamPCP Uses Fake Ringtone File in Tainted Telnyx SDK to Steal Credentials
Telnyx issues an urgent alert after hackers TeamPCP uploaded malicious versions 4.87.1 & 4.87.2 of its Python SDK to steal cloud and crypto credentials...
TeamPCP’s Telnyx Attack Marks a Shift in Tactics Beyond LiteLLM
Moving beyond their LiteLLM campaign, TeamPCP weaponizes the Telnyx Python SDK with stealthy WAV‑based payloads to steal credentials across Linux, macOS, and Windows...
PYSEC-2026-3 Two telnyx versions published containing credential harvesting malware
After an API token exposure from an exploited Trivy dependency, two new releases of telnyx were uploaded to PyPI containing automatically activated malware, harvesting sensitive credentials and files, and exfiltrating to a remote API. Compromised versions execute code during importing the telnyx...
TeamPCP Pushes Malicious Telnyx Versions to PyPI, Hides Stealer in WAV Files
TeamPCP, the threat actor behind the supply chain attack targeting Trivy, KICS, and litellm, has now compromised the telnyx Python package by pushing two malicious versions to steal sensitive data. The two versions, 4.87.1 and 4.87.2, published to the Python Package Index PyPI repository on March...
The Telnyx SDK on PyPI Compromise and the 2026 TeamPCP Supply Chain Attacks
...
The Telnyx PyPI Compromise and the 2026 TeamPCP Supply Chain Attacks
...
MAL-2026-2254 Malicious code in telnyx (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 64fdec8c3d81e855431dd89a2eb1008654d9d4ba0e01293166234b3609efe00a The OpenSSF Package Analysis project identified 'telnyx' @ 4.87.2 pypi as malicious. It is considered malicious because: - The package executes...
Malicious code in telnyx (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 64fdec8c3d81e855431dd89a2eb1008654d9d4ba0e01293166234b3609efe00a The OpenSSF Package Analysis project identified 'telnyx' @ 4.87.2 pypi as malicious. It is considered malicious because: - The package executes...
mad-notifications (=6.0.0rc9), voicetest (>=0.20.0 <=0.42.0) +1 more potentially affected by unknown CVE via telnyx (=4.124.0)
telnyx PYPI version =4.124.0 is affected by a known vulnerability. The following packages have a transitive dependency on telnyx and may be impacted: - mad-notifications =6.0.0rc9 - voicetest =0.20.0, =0.4.0, =0.4.4 Source cves: unknown CVE Source advisory: SNYK:PYTHON-TELNYX-15790745...
Embedded Malicious Code
Overview telnyx is a library that provides convenient access to the Telnyx REST API from any Python 3.9+ application. The library includes type definitions for all request params and response fields, and offers both synchronous and asynchronous clients powered by httpx. Affected versions of this...
OpenClaw Access Control Error Vulnerability
OpenClaw is openclaw open source an intelligent artificial assistant. OpenClaw suffers from an Access Control Error vulnerability that stems from the @openclaw/voice-call plugin Telnyx webhook handler accepting unsigned inbound webhook requests when telnyx.publicKey is not configured, which can b...