CVE-2026-28449 in OpenClawinfo

Zusammenfassung

von MITRE • 19.03.2026

OpenClaw versions prior to 2026.2.25 lack durable replay state for Nextcloud Talk webhook events, allowing valid signed webhook requests to be replayed without suppression. Attackers can capture and replay previously valid signed webhook requests to trigger duplicate inbound message processing and cause integrity or availability issues.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Zuständig

VulnCheck

Reservieren

27.02.2026

Veröffentlichung

19.03.2026

Moderieren

akzeptiert

Eintrag

VDB-351657

CPE

bereit

CWE

CWE-294 (bestätigt)

CVSS

6.5 (NVD)

EPSS

0.00066

KEV

nein

Aktivitäten

very low

Sektor

Homeoffice, Insurance, ...

Quellen

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-28449
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-28449
CVE Details	https://www.cvedetails.com/cve/CVE-2026-28449/

◂ Zurück Übersicht Weiter ▸

Might our Artificial Intelligence support you?

Check our Alexa App!