CVE-2026-28449 in OpenClawИнформация

Сводка

по MITRE • 19.03.2026

OpenClaw versions prior to 2026.2.25 lack durable replay state for Nextcloud Talk webhook events, allowing valid signed webhook requests to be replayed without suppression. Attackers can capture and replay previously valid signed webhook requests to trigger duplicate inbound message processing and cause integrity or availability issues.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Ответственный

VulnCheck

Резервировать

27.02.2026

Раскрытие

19.03.2026

Модерация

принято

Вход

VDB-351657

CPE

готов

CWE

CWE-294 (Подтверждённый)

CVSS

6.5 (NVD)

EPSS

0.00066

KEV

Нет

Деятельности

Очень низкий

Сектор

Transportation, Homeoffice, ...

Источники

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-28449
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-28449
CVE Details	https://www.cvedetails.com/cve/CVE-2026-28449/

◂ Предыдущий Обзор Далее ▸

Might our Artificial Intelligence support you?

Check our Alexa App!