Vulnerability Description
OpenClaw versions prior to 2026.2.23 contain a vulnerability in Twilio webhook event deduplication where normalized event IDs are randomized per parse, allowing replay events to bypass manager dedupe checks. Attackers can replay Twilio webhook events to trigger duplicate or stale call-state transitions, potentially causing incorrect call handling and state corruption.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Openclaw | Openclaw | < 2026.2.23 |
Related Weaknesses (CWE)
References
- https://github.com/openclaw/openclaw/commit/1d28da55a5d0ff409e34999e0961157e9db0Patch
- https://github.com/openclaw/openclaw/security/advisories/GHSA-vqx8-9xxw-f2m7MitigationVendor Advisory
- https://www.vulncheck.com/advisories/openclaw-twilio-webhook-replay-bypass-via-rThird Party Advisory
FAQ
What is CVE-2026-32053?
CVE-2026-32053 is a vulnerability with a CVSS score of 6.5 (MEDIUM). OpenClaw versions prior to 2026.2.23 contain a vulnerability in Twilio webhook event deduplication where normalized event IDs are randomized per parse, allowing replay events to bypass manager dedupe ...
How severe is CVE-2026-32053?
CVE-2026-32053 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-32053?
Check the references section above for vendor advisories and patch information. Affected products include: Openclaw Openclaw.