OpenClaw Nextcloud Talk Webhook Replay Vulnerability
Vulnerability
OpenClaw versions prior to 2026.2.25 do not keep durable replay state for Nextcloud Talk webhook events: a signed webhook request that has already been processed is not recognised when it arrives a second time, so a validly signed request is accepted as many times as it is delivered. An attacker who has captured a previously valid signed request can resend it and trigger duplicate processing of the inbound message. No forgery is involved; the replayed request carries the sender's genuine signature, so signature verification alone does not stop it. The consequences are integrity problems (the same message acted on more than once) or availability problems (load from repeated processing).
Impact
Replaying captured webhook events causes the inbound message to be processed again. Depending on what OpenClaw does with the message, that can mean duplicated actions or responses (integrity) or resource consumption from repeated processing (availability). The attacker needs a copy of a legitimately signed request, not the signing secret.
Reproduction
Send a legitimately signed webhook request to an OpenClaw instance with a Nextcloud Talk integration and let it be processed. Then resend the identical request (same body and same headers, including the signature). Because no durable replay state is kept, the second copy passes signature verification and is processed again instead of being rejected as a duplicate. Capturing the original request and resending it can be automated with any HTTP client or proxy tool; the replay does not require knowledge of the shared secret.
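The following is an added example of the missing check, not OpenClaw's code. It assumes Nextcloud Talk signs each delivery as HMAC-SHA256(secret, random + body), sending the random string in `X-Nextcloud-Talk-Random` and the hex digest in `X-Nextcloud-Talk-Signature` (the Talk bot scheme; verify against your deployment), and it uses a SQLite file as the durable replay store. The `VolatileReceiver` class reproduces the advisory's failure mode (state that does not outlive the process) for contrast; the secret, body and random value are constructed test data.

```python
"""Durable replay suppression for signed Nextcloud Talk webhook deliveries.

Added example, not OpenClaw's code. Assumptions (not from the advisory):
  * Talk signs each delivery as HMAC-SHA256(secret, random + body), sent as
    X-Nextcloud-Talk-Random (random string) and X-Nextcloud-Talk-Signature
    (hex digest). Check this against your own Talk version.
  * Replay state lives in a SQLite file so it survives a process restart.
"""
import hashlib
import hmac
import os
import sqlite3
import tempfile


def talk_signature(secret: bytes, random: bytes, body: bytes) -> str:
    """Signature the sender computes (assumed scheme, see module docstring)."""
    return hmac.new(secret, random + body, hashlib.sha256).hexdigest()


class TalkWebhookReceiver:
    """Verifies the signature, then rejects any delivery already recorded."""

    def __init__(self, secret: bytes, state_path: str):
        self.secret = secret
        self.conn = sqlite3.connect(state_path)
        # PRIMARY KEY makes the insert the atomic dedup step: two concurrent
        # copies of the same delivery cannot both succeed.
        self.conn.execute(
            "CREATE TABLE IF NOT EXISTS seen_delivery (replay_key TEXT PRIMARY KEY)"
        )
        self.conn.commit()

    def handle(self, headers: dict, body: bytes) -> str:
        random = headers.get("X-Nextcloud-Talk-Random")
        signature = headers.get("X-Nextcloud-Talk-Signature")
        if not random or not signature:
            return "rejected: missing signature headers"
        expected = talk_signature(self.secret, random.encode(), body)
        if not hmac.compare_digest(expected, signature):
            return "rejected: bad signature"
        # Key the record on the verified (random, signature) pair. Only the
        # secret holder can mint a fresh valid pair, so an attacker can repeat
        # a captured delivery but cannot fabricate a "new" one.
        replay_key = hashlib.sha256(
            random.encode() + b"\0" + signature.encode()
        ).hexdigest()
        try:
            with self.conn:  # commits on success, rolls back on error
                self.conn.execute(
                    "INSERT INTO seen_delivery VALUES (?)", (replay_key,)
                )
        except sqlite3.IntegrityError:
            return "rejected: replay"
        return "accepted"


class VolatileReceiver(TalkWebhookReceiver):
    """The advisory's failure mode: same checks, but the replay record lives
    only in memory, so a replay after a restart is accepted again."""

    def __init__(self, secret: bytes):
        super().__init__(secret, ":memory:")


def demo() -> dict:
    """Deliver once, replay, tamper, 'restart', replay again; return verdicts."""
    secret = b"shared-bot-secret"  # constructed
    body = b'{"type":"Create","object":{"content":"hello"}}'  # constructed
    random = "c3f1a9e2"  # constructed
    headers = {
        "X-Nextcloud-Talk-Random": random,
        "X-Nextcloud-Talk-Signature": talk_signature(secret, random.encode(), body),
    }
    tampered = {**headers, "X-Nextcloud-Talk-Signature": "00" * 32}

    fd, path = tempfile.mkstemp(suffix=".sqlite")
    os.close(fd)
    try:
        first = TalkWebhookReceiver(secret, path)
        durable = [
            first.handle(headers, body),
            first.handle(headers, body),
            first.handle(tampered, body),
        ]
        first.conn.close()
        second = TalkWebhookReceiver(secret, path)  # simulated restart
        durable.append(second.handle(headers, body))
        second.conn.close()
    finally:
        os.unlink(path)

    v1 = VolatileReceiver(secret)
    volatile = [v1.handle(headers, body), v1.handle(headers, body)]
    v2 = VolatileReceiver(secret)  # simulated restart: state is gone
    volatile.append(v2.handle(headers, body))
    return {"durable": durable, "volatile": volatile}


if __name__ == "__main__":
    print(demo())
```

The example never expires records, because the assumed Talk payload carries no timestamp the receiver could bound a window on; if you prune the table after a retention period, a capture older than that period becomes replayable again, so retention must be an explicit decision rather than a tidy-up. The same store must be shared by every replica that receives deliveries, or a replay aimed at a different instance succeeds.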
Remediation
Update to OpenClaw version 2026.2.25 or later, which maintains durable replay state for Nextcloud Talk webhook events so that a previously processed signed request is rejected when it is delivered again.
