CVE-2026-28449 in OpenClawinformation

Résumé

par MITRE • 19/03/2026

OpenClaw versions prior to 2026.2.25 lack durable replay state for Nextcloud Talk webhook events, allowing valid signed webhook requests to be replayed without suppression. Attackers can capture and replay previously valid signed webhook requests to trigger duplicate inbound message processing and cause integrity or availability issues.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsable

VulnCheck

Réserver

27/02/2026

Divulgation

19/03/2026

Modérer

accepté

Entrée

VDB-351657

CPE

prêt

CWE

CWE-294 (confirmé)

CVSS

6.5 (NVD)

EPSS

0.00066

KEV

non

Activités

très faible

Secteur

Homeoffice, Transportation, ...

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-28449
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-28449
CVE Details	https://www.cvedetails.com/cve/CVE-2026-28449/

◂ Précédent Aperçu Suivant ▸

Might our Artificial Intelligence support you?

Check our Alexa App!