OpenClaw, Webhook Verification Bypass, CVE-2026-XXXXX (Medium)

Listen to this Post

The vulnerability arises in the OpenClaw voice-call plugin when deployed behind reverse-proxies. The plugin incorrectly trusts forwarded headers like `X-Forwarded-For` or `Forwarded` to determine the original request properties used for webhook verification. In standard operation, a trusted proxy overwrites these headers. However, vulnerable versions accept client-supplied headers directly if not stripped by an intermediary. This allows an attacker to craft a malicious request with spoofed headers that bypass the signature validation (e.g., Twilio signatures), making the application accept the request as legitimate. The root cause is implicit trust in untrusted input for security decisions. The attack is only possible if the voice-call plugin is enabled and the endpoint is exposed. The fix involves ignoring these forwarded headers by default unless an explicit allowlist is configured, ensuring that verification relies solely on direct connection attributes. Patched versions enforce this strict validation, preventing header injection attacks.
Platform: OpenClaw voice-call
Version: <2026.2.3
Vulnerability : Webhook header bypass
Severity: Medium
date: February 17, 2026

Prediction: Patch already available

What Undercode Say:

Analytics

This vulnerability is specific to the `@openclaw/voice-call` plugin (and legacy @clawdbot/voice-call) in reverse-proxy setups . The attack vector is network-based, requiring no privileges but high attack complexity due to the need for specific deployment configurations. The impact is high on integrity, allowing spoofed events, but no impact on confidentiality or availability .

Bash Commands & Checks

Check if the voice-call plugin is installed and enabled
npm list @openclaw/voice-call
For legacy package name
npm list @clawdbot/voice-call
Check current version of OpenClaw
clawdbot --version
To verify if your proxy strips forwarded headers (example using curl)
curl -I -H "X-Forwarded-For: 127.0.0.1" http://your-clawdbot-instance:port/
Upgrade to the patched version
npm install @openclaw/voice-call@latest
If using the legacy package, migrate and update
npm uninstall @clawdbot/voice-call
npm install @openclaw/[email protected]
Manual fix: Strip headers at the edge (NGINX example config)
Add this to your location block:
proxy_set_header X-Forwarded-For "";
proxy_set_header Forwarded "";
Verify the fix commit is present
git log | grep a749db9820eb6d6224032a5a34223d286d2dcc2f

Exploit:

An external attacker sends a POST request to the exposed webhook endpoint. The request includes a forged `X-Forwarded-For` header pointing to a trusted source and a valid-looking but incorrect signature. The vulnerable application trusts the header and bypasses cryptographic verification, processing the fake event.

Protection from this CVE

Immediately upgrade to `@openclaw/voice-call` version 2026.2.3 or later . As a workaround, configure your reverse-proxy (NGINX, Apache, etc.) to strip all `Forwarded` and `X-Forwarded-` headers from incoming requests before they reach the OpenClaw application. Ensure the `tunnel.allowNgrokFreeTierLoopbackBypass` option is disabled in production .

Impact

Successful exploitation allows an unauthenticated adversary to send forged voice-call webhook events. This can lead to spoofed call events, potentially triggering unauthorized actions within the bot, such as executing commands or manipulating call state, compromising the integrity of the voice-call feature .

🎯Let’s Practice Exploiting & Learn Patching For Free:

Sources:

Reported By: github.com
Extra Source Hub:
Undercode

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow DailyCVE & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin Featured Image

Scroll to Top