Description
OpenClaw versions prior to 2026.2.14 contain a webhook signature-verification bypass in the voice-call extension that allows unauthenticated requests when the tunnel.allowNgrokFreeTierLoopbackBypass option is explicitly enabled. An external attacker can send forged requests to the publicly reachable webhook endpoint without a valid X-Twilio-Signature header, resulting in unauthorized webhook event handling and potential request flooding attacks.
Published: 2026-03-05
Score: 6.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized Webhook Event Handling and Potential Flooding
Action: Apply Patch
AI Analysis

Impact

OpenClaw versions before 2026.2.14 have a bypass in the voice‑call extension that lets an attacker send requests to the publicly exposed webhook endpoint without supplying a valid X‑Twilio‑Signature header. The tunnel.allowNgrokFreeTierLoopbackBypass option exists for deployments behind an ngrok free‑tier tunnel, which delivers public requests to the application over loopback; when the option is enabled, signature verification is skipped, so a request from any Internet host that reaches the tunnel URL is handled as if Twilio had sent it. An attacker can therefore inject fabricated call events that the extension processes as legitimate, or flood the endpoint with unsigned requests. This flaw is a missing authentication vulnerability (CWE‑306).

Affected Systems

Any OpenClaw installation running a version earlier than 2026.2.14, using the voice‑call extension, and with tunnel.allowNgrokFreeTierLoopbackBypass enabled is vulnerable; the description notes that the option must be explicitly enabled, so a configuration that has never set it is not exposed by this flaw. The affected product is identified as OpenClaw:OpenClaw and the vulnerability applies to all CPE strings matching cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*.

Risk and Exploitability

The CVSS 4.0 base score of 6.3 (NVD's CVSS 3.1 score is 6.5) indicates moderate severity: the vector's AT:P component reflects that the bypass option must be enabled before the flaw is reachable, and its VI:L/VA:L components the limited integrity and availability impact. The EPSS score of less than 1% suggests a low probability of exploitation in the near term, and the flaw is not listed in the CISA KEV catalog. Exploitation is remote and needs no credentials: an attacker who knows the public webhook URL sends crafted webhook events to it. On an instance with the option enabled, every call flow the voice‑call extension handles can be affected, yielding unauthorized event processing or denial of service through request flooding.

Generated by OpenCVE AI on April 16, 2026 at 11:54 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the official patch by upgrading to OpenClaw 2026.2.14 or a later version that restores correct webhook signature validation.
  • Disable the tunnel.allowNgrokFreeTierLoopbackBypass option in the OpenClaw configuration until a patch is applied.
  • Restrict inbound traffic to the webhook endpoint with firewall or API‑gateway rules, and validate X‑Twilio‑Signature (Twilio's HMAC‑SHA1 over the public request URL and the POST parameters, keyed with the account auth token) at a reverse proxy or gateway in front of the application, so that an unsigned or mis‑signed request is dropped before it reaches the extension. Checking only that the header is present is not a gate, since an attacker can supply any value.


Advisories
Source: GitHub GHSA
ID: GHSA-c37p-4qqg-3p76
Title: OpenClaw Twilio voice-call webhook auth bypass when ngrok loopback compatibility is enabled
History

Mon, 09 Mar 2026 21:15:00 +0000

Type: Metrics
Values removed: (none)
Values added: ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 06 Mar 2026 17:00:00 +0000

Type: Metrics
Values removed: cvssV3_1 {'score': 4.8, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L'}
Values added: cvssV3_1 {'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L'}


Thu, 05 Mar 2026 22:45:00 +0000

Type: Metrics
Values removed: cvssV3_1 {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}
Values added: cvssV3_1 {'score': 4.8, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L'}


Thu, 05 Mar 2026 22:15:00 +0000

Type: Description
Values added: OpenClaw versions prior to 2026.2.14 contain a webhook signature-verification bypass in the voice-call extension that allows unauthenticated requests when the tunnel.allowNgrokFreeTierLoopbackBypass option is explicitly enabled. An external attacker can send forged requests to the publicly reachable webhook endpoint without a valid X-Twilio-Signature header, resulting in unauthorized webhook event handling and potential request flooding attacks.

Type: Title
Values added: OpenClaw < 2026.2.14 - Webhook Signature Verification Bypass via ngrok Loopback Compatibility

Type: First Time appeared
Values added: Openclaw; Openclaw openclaw

Type: Weaknesses
Values added: CWE-306

Type: CPEs
Values added: cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*

Type: Vendors & Products
Values added: Openclaw; Openclaw openclaw

Type: References
Values added: (none shown)

Type: Metrics
Values added: cvssV3_1 {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}
Values added: cvssV4_0 {'score': 6.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-09T20:38:15.101Z

Reserved: 2026-03-04T16:16:15.967Z

Link: CVE-2026-29606

Vulnrichment

Updated: 2026-03-09T20:38:10.770Z

NVD

Status : Analyzed

Published: 2026-03-05T22:16:23.850

Modified: 2026-03-11T01:10:47.747

Link: CVE-2026-29606

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-16T12:00:11Z

Weaknesses