Listen to this Post
The vulnerability arises in the OpenClaw voice-call plugin when deployed behind reverse-proxies. The plugin incorrectly trusts forwarded headers like `X-Forwarded-For` or `Forwarded` to determine the original request properties used for webhook verification. In standard operation, a trusted proxy overwrites these headers. However, vulnerable versions accept client-supplied headers directly if not stripped by an intermediary. This allows an attacker to craft a malicious request with spoofed headers that bypass the signature validation (e.g., Twilio signatures), making the application accept the request as legitimate. The root cause is implicit trust in untrusted input for security decisions. The attack is only possible if the voice-call plugin is enabled and the endpoint is exposed. The fix involves ignoring these forwarded headers by default unless an explicit allowlist is configured, ensuring that verification relies solely on direct connection attributes. Patched versions enforce this strict validation, preventing header injection attacks.
Platform: OpenClaw voice-call
Version: <2026.2.3
Vulnerability : Webhook header bypass
Severity: Medium
date: February 17, 2026
Prediction: Patch already available
What Undercode Say:
Analytics
This vulnerability is specific to the `@openclaw/voice-call` plugin (and legacy @clawdbot/voice-call) in reverse-proxy setups . The attack vector is network-based, requiring no privileges but high attack complexity due to the need for specific deployment configurations. The impact is high on integrity, allowing spoofed events, but no impact on confidentiality or availability .
Bash Commands & Checks
Check if the voice-call plugin is installed and enabled npm list @openclaw/voice-call For legacy package name npm list @clawdbot/voice-call Check current version of OpenClaw clawdbot --version To verify if your proxy strips forwarded headers (example using curl) curl -I -H "X-Forwarded-For: 127.0.0.1" http://your-clawdbot-instance:port/ Upgrade to the patched version npm install @openclaw/voice-call@latest If using the legacy package, migrate and update npm uninstall @clawdbot/voice-call npm install @openclaw/[email protected] Manual fix: Strip headers at the edge (NGINX example config) Add this to your location block: proxy_set_header X-Forwarded-For ""; proxy_set_header Forwarded ""; Verify the fix commit is present git log | grep a749db9820eb6d6224032a5a34223d286d2dcc2f
Exploit:
An external attacker sends a POST request to the exposed webhook endpoint. The request includes a forged `X-Forwarded-For` header pointing to a trusted source and a valid-looking but incorrect signature. The vulnerable application trusts the header and bypasses cryptographic verification, processing the fake event.
Protection from this CVE
Immediately upgrade to `@openclaw/voice-call` version 2026.2.3 or later . As a workaround, configure your reverse-proxy (NGINX, Apache, etc.) to strip all `Forwarded` and `X-Forwarded-` headers from incoming requests before they reach the OpenClaw application. Ensure the `tunnel.allowNgrokFreeTierLoopbackBypass` option is disabled in production .
Impact
Successful exploitation allows an unauthenticated adversary to send forged voice-call webhook events. This can lead to spoofed call events, potentially triggering unauthorized actions within the bot, such as executing commands or manipulating call state, compromising the integrity of the voice-call feature .
🎯Let’s Practice Exploiting & Learn Patching For Free:
Sources:
Reported By: github.com
Extra Source Hub:
Undercode

