Twilio Webhook Events Can Be Replayable in OpenClaw
CVE-2026-32053
Summary
In OpenClaw versions prior to 2026.2.23, an attacker could potentially replay old or duplicate Twilio webhook events, causing stale or repeated call-state transitions that lead to incorrect call handling or corrupted call state. Update to version 2026.2.23 or later to fix this issue.
Original title
OpenClaw versions prior to 2026.2.23 contain a vulnerability in Twilio webhook event deduplication where normalized event IDs are randomized per parse, allowing replay events to bypass manager dedu...
Original description
OpenClaw versions prior to 2026.2.23 contain a vulnerability in Twilio webhook event deduplication where normalized event IDs are randomized per parse, allowing replay events to bypass manager dedupe checks. Attackers can replay Twilio webhook events to trigger duplicate or stale call-state transitions, potentially causing incorrect call handling and state corruption.
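The dedupe failure described above, modelled as an added JavaScript example (not OpenClaw's code): when the normalized event ID is random per parse, the manager's seen-set never matches a replay, while an ID derived from the delivered fields does. The function names, the `CallManager` class and the choice of `CallSid`, `CallStatus` and `SequenceNumber` as the stable key are assumptions for illustration, and the payloads are constructed.

```javascript
// Added illustration; names and key derivation are assumptions, not OpenClaw source.

// Flawed normalization: a fresh random ID is minted on every parse,
// so two parses of the same webhook body never share an ID.
function normalizeRandomId(params) {
  const id = `evt-${Math.random().toString(36).slice(2)}-${Date.now()}`;
  return { id, callSid: params.CallSid, status: params.CallStatus };
}

// Stable normalization: the ID depends only on fields the provider sent,
// so a replayed request maps to the same ID and can be recognised.
function normalizeStableId(params) {
  const parts = [params.CallSid, params.CallStatus, params.SequenceNumber ?? ""];
  const id = parts.map((p) => encodeURIComponent(String(p))).join(":");
  return { id, callSid: params.CallSid, status: params.CallStatus };
}

// Minimal dedupe manager: applies a call-state transition once per event ID.
class CallManager {
  constructor() {
    this.seen = new Set();
    this.transitions = [];
  }
  handle(event) {
    if (this.seen.has(event.id)) return false; // duplicate dropped
    this.seen.add(event.id);
    this.transitions.push(`${event.callSid}:${event.status}`);
    return true;
  }
}

// Deliver each webhook body through `normalize`; return the applied transitions.
function applyAll(normalize, deliveries) {
  const manager = new CallManager();
  for (const body of deliveries) manager.handle(normalize(body));
  return manager.transitions;
}

// Constructed sample: two genuine callbacks, then both replayed.
const ringing = { CallSid: "CA_constructed_0001", CallStatus: "ringing", SequenceNumber: "0" };
const completed = { CallSid: "CA_constructed_0001", CallStatus: "completed", SequenceNumber: "2" };
const deliveries = [ringing, completed, ringing, completed];

console.log("random IDs, transitions applied:", applyAll(normalizeRandomId, deliveries).length);
console.log("stable IDs, transitions applied:", applyAll(normalizeStableId, deliveries).length);
```

With random IDs the replayed `ringing` event is applied after `completed`, which is the stale call-state transition the description refers to.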
nvd CVSS3.1
6.5
nvd CVSS4.0
6.9
Vulnerability type
CWE-294
Published: 21 Mar 2026 · Updated: 21 Mar 2026 · First seen: 21 Mar 2026