Impact
OpenClaw versions prior to 2026.3.31 allow an attacker to bypass the webhook replay detection mechanism by re-encoding Telnyx webhook signatures from Base64 to Base64URL or vice versa. The signature verification logic treats these two encodings as distinct values, so a request whose signature has already been verified can be replayed with a re-encoded signature without triggering the replay guard. As a result, the same webhook payload can be processed multiple times, potentially leading to duplicate operations, double charges, or other unintended side effects. The weakness is a cryptographic parameter handling issue (CWE-294).
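The failure mode described above comes down to what the replay cache uses as its key. The following is an added illustration, not OpenClaw's or Telnyx's code: HMAC-SHA256 with a constructed secret stands in for the real Telnyx signature scheme (which this advisory does not describe), a `ReplayGuard` keyed on the raw header string reproduces the bypass, and the same guard keyed on the decoded signature bytes closes it.

```python
import base64
import hashlib
import hmac

SECRET = b"constructed-demo-secret"  # constructed; stand-in for a real webhook secret


def decode_signature(sig: str) -> bytes:
    """Accept standard Base64 or Base64URL, padded or not, and return raw bytes.
    Any encoding of the same signature decodes to the same bytes."""
    s = sig.strip().replace("-", "+").replace("_", "/")
    s += "=" * (-len(s) % 4)  # restore padding that Base64URL senders often drop
    return base64.b64decode(s, validate=True)


def sign(payload: bytes) -> bytes:
    return hmac.new(SECRET, payload, hashlib.sha256).digest()


def verify(payload: bytes, sig_header: str) -> bool:
    # Both encodings pass verification, which is exactly the advisory's premise.
    return hmac.compare_digest(sign(payload), decode_signature(sig_header))


class ReplayGuard:
    """canonical=False mirrors the flawed behaviour: the cache key is the header
    text, so 'abc+/=' and 'abc-_' look like two different signatures.
    canonical=True keys on the decoded bytes (a real guard would also bind the
    timestamp and bound the window, omitted here for brevity)."""

    def __init__(self, canonical: bool):
        self.canonical = canonical
        self.seen: set = set()

    def accept(self, payload: bytes, sig_header: str) -> bool:
        if not verify(payload, sig_header):
            return False
        key = decode_signature(sig_header) if self.canonical else sig_header
        if key in self.seen:
            return False  # replay detected
        self.seen.add(key)
        return True


def demo() -> dict:
    payload = b'{"event":"constructed.sample","id":1}'  # constructed webhook body
    raw = sign(payload)
    std = base64.b64encode(raw).decode()                 # Base64, padded
    url = base64.urlsafe_b64encode(raw).decode().rstrip("=")  # Base64URL, unpadded
    weak, fixed = ReplayGuard(canonical=False), ReplayGuard(canonical=True)
    return {"weak": [weak.accept(payload, std), weak.accept(payload, url)],
            "fixed": [fixed.accept(payload, std), fixed.accept(payload, url)]}
```

`demo()` returns `{"weak": [True, True], "fixed": [True, False]}`: the string-keyed guard processes the re-encoded duplicate, the byte-keyed guard rejects it.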
Affected Systems
The vulnerability affects all versions of the OpenClaw product prior to 2026.3.31. No specific patch versions are provided beyond the statement that upgrading to 2026.3.31 or later resolves the issue.
Risk and Exploitability
The CVSS score of 6.3 indicates moderate severity. The EPSS score is below 1%, implying a very low likelihood of widespread exploitation at present. The vulnerability is not listed in CISA's KEV catalog, suggesting that no widespread, targeted attacks have been observed yet. However, the described exploit path requires only the ability to see or capture a legitimate, signed webhook request for a Telnyx integration: the attacker re-encodes its signature and re-sends it to the OpenClaw webhook endpoint. Anyone positioned to observe webhook traffic during normal operation can therefore perform the replay.
OpenCVE Enrichment
Github GHSA