OpenClaw Twilio Webhook Replay Vulnerability Allowing Dedupe Bypass
Vulnerability
A vulnerability exists in OpenClaw versions prior to 2026.2.23 that affects Twilio webhook event deduplication. The issue arises because normalized event IDs are randomized with each parse, allowing replayed events to bypass the manager's deduplication checks. As a result, attackers can replay Twilio webhook events, triggering duplicate or stale call-state transitions, which may lead to incorrect call handling and state corruption.
Impact
Exploitation of this vulnerability allows for bypassing deduplication checks on Twilio webhook events, leading to incorrect call state management and potential corruption of call data.
Reproduction
To reproduce this vulnerability, send a replayed Twilio webhook event to an OpenClaw instance running a vulnerable version. The event will be processed as if it were new, bypassing the deduplication checks and potentially causing incorrect call state transitions.
Remediation
Users can update to OpenClaw version 2026.2.23 or later, where this vulnerability has been fixed.
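The following is an added illustration of the dedupe-bypass pattern described above, not OpenClaw's own code: a normalizer that mints a fresh random event ID on every parse, beside one that derives the ID deterministically from the event's own fields, each fed into the same minimal deduplicating call-state manager. The webhook field names (CallSid, CallStatus, SequenceNumber) are assumed from Twilio's call status callback format, and the manager API is hypothetical.

```typescript
// Added illustration (not OpenClaw's code). Field names are assumed from Twilio's
// call status callbacks; CallStateManager and the normalizers are hypothetical.
interface TwilioCallEvent {
  CallSid: string;
  CallStatus: string;
  SequenceNumber: string;
}

interface NormalizedEvent { id: string; callSid: string; status: string }

// Vulnerable normalizer: the ID is randomized on every parse, so two parses of the
// same replayed payload never share an ID and the dedupe check cannot catch them.
function normalizeVulnerable(ev: TwilioCallEvent): NormalizedEvent {
  const randomId = Math.random().toString(36).slice(2);
  return { id: randomId, callSid: ev.CallSid, status: ev.CallStatus };
}

// Fixed normalizer: the ID is derived only from fields that identify the event itself,
// so a replayed payload maps to the ID that was already recorded on first delivery.
function normalizeFixed(ev: TwilioCallEvent): NormalizedEvent {
  return {
    id: `${ev.CallSid}:${ev.SequenceNumber}:${ev.CallStatus}`,
    callSid: ev.CallSid,
    status: ev.CallStatus,
  };
}

// Minimal call-state manager: applies a transition only for IDs not seen before.
class CallStateManager {
  private seen = new Set<string>();
  transitions: string[] = [];
  constructor(private normalize: (ev: TwilioCallEvent) => NormalizedEvent) {}

  handle(ev: TwilioCallEvent): boolean {
    const n = this.normalize(ev);
    if (this.seen.has(n.id)) return false; // duplicate or replay: dropped
    this.seen.add(n.id);
    this.transitions.push(`${n.callSid}->${n.status}`);
    return true;
  }
}

// Constructed sample: one legitimate event delivered once, then the same payload twice more.
// Returns how many state transitions the manager actually applied.
function countAppliedTransitions(normalize: (ev: TwilioCallEvent) => NormalizedEvent): number {
  const mgr = new CallStateManager(normalize);
  const ev: TwilioCallEvent = { CallSid: "CA_constructed_sid", CallStatus: "completed", SequenceNumber: "3" };
  for (const payload of [ev, { ...ev }, { ...ev }]) mgr.handle(payload);
  return mgr.transitions.length;
}
```

With the vulnerable normalizer all three deliveries are applied as distinct transitions; with the deterministic one only the first is, and the two replays are dropped.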
