OpenClaw Voice Call Plugin Telnyx Webhook Authentication Bypass Vulnerability

Vulnerability

A vulnerability exists in the OpenClaw personal AI assistant, specifically in the voice call plugin's Telnyx webhook handler, in versions through 2026.2.13. The issue arises because the webhook accepts unsigned inbound requests when no Telnyx public key is configured, so signature verification is effectively skipped. This flaw enables unauthenticated callers to forge Telnyx events. The vulnerability only affects deployments where the Voice Call plugin is active and the webhook endpoint is reachable by the attacker, such as through a public tunnel or proxy.

Impact

Exploitation of this vulnerability allows unauthorized users to send forged events to the Telnyx webhook, potentially leading to unauthorized actions or responses within the application.

Reproduction

To reproduce this vulnerability, deploy OpenClaw version 2026.2.13 or earlier with the voice call plugin enabled. Ensure that the Telnyx public key is not set, and that the webhook endpoint is accessible from the internet, such as through a public ngrok tunnel. Once this is done, send a POST request to the voice-call webhook endpoint. The request will be accepted as a legitimate Telnyx event, despite lacking proper authentication.

Remediation

Users can update to OpenClaw version 2026.2.14 or later, which requires the Telnyx public key to be configured for webhook signature verification. For those using the application in a local development environment, the public key can be omitted by setting 'skipSignatureVerification' to true.

Added: Feb 19, 2026, 11:26 PM
Updated: Feb 19, 2026, 11:26 PM

Vulnerability Rating

Custom Algorithm
  spread          0.0
  impact          0.6
  exploitability  8.0
  remediation     0.0
  relevance       3.1
  threat          4.8
  urgency         2.9
  incentive       4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.