CVE-2026-26319 in OpenClaw
Summary
by MITRE • 02/20/2026
OpenClaw is a personal AI assistant. Versions 2026.2.13 and below allow the optional @openclaw/voice-call plugin Telnyx webhook handler to accept unsigned inbound webhook requests when telnyx.publicKey is not configured, enabling unauthenticated callers to forge Telnyx events. Telnyx webhooks are expected to be authenticated via Ed25519 signature verification. In affected versions, TelnyxProvider.verifyWebhook() could effectively fail open when no Telnyx public key was configured, allowing arbitrary HTTP POST requests to the voice-call webhook endpoint to be treated as legitimate Telnyx events. This only impacts deployments where the Voice Call plugin is installed and enabled, and the webhook endpoint is reachable by the attacker (for example, publicly exposed via a tunnel/proxy). The issue has been fixed in version 2026.2.14.
Analysis
by VulDB Data Team • 02/24/2026
The vulnerability identified as CVE-2026-26319 affects OpenClaw personal AI assistant versions 2026.2.13 and earlier, specifically the optional @openclaw/voice-call plugin that handles Telnyx webhook requests. The flaw is a critical authentication bypass stemming from improper webhook verification in the TelnyxProvider component. It occurs when the telnyx.publicKey configuration parameter is not set, creating a fail-open condition that lets unauthorized parties submit forged webhook events without any authentication.
The defect resides in the TelnyxProvider.verifyWebhook() method, which is designed to validate incoming webhook requests using the Ed25519 signature verification that Telnyx specifies for its webhooks. When no public key is configured, the method does not validate incoming requests at all, effectively disabling the mechanism that should block unauthorized webhook processing. As a result, any HTTP POST request sent to the voice-call webhook endpoint can be treated as a legitimate Telnyx event, regardless of its actual origin or authenticity.
The operational impact extends beyond a simple authentication failure, since forged Telnyx events let an attacker manipulate the AI assistant's voice call functionality. An attacker who can reach the publicly exposed webhook endpoint could potentially trigger unauthorized voice calls, modify call states, or manipulate other voice-related features within the OpenClaw system. This is a significant privacy risk and a potential financial one, particularly where the system is integrated with telephony services that charge for usage. The vulnerability specifically affects deployments where the Voice Call plugin is installed, enabled, and reachable by external attackers through network exposure such as public tunnels or proxies.
Security practitioners should note that this vulnerability aligns with CWE-347, which covers improper verification of cryptographic signatures, and maps to ATT&CK technique T1566.001 for credential access through social engineering. The fix in version 2026.2.14 ensures proper webhook verification even when no public key is configured, either by making the configuration mandatory or by applying secure defaults. Organizations should update to version 2026.2.14 immediately and review their network exposure so that webhook endpoints are not publicly reachable without an authentication layer in front of them. Security monitoring should also be in place to detect unusual webhook processing patterns, in particular unauthorized voice call initiation or call state modification events, which could indicate successful exploitation.