OpenClaw Webhook Replay Cache Scope Bypass Vulnerability

A scope bypass vulnerability has been identified in OpenClaw versions prior to 2026.3.31. This vulnerability resides in the webhook replay cache deduplication process, allowing authenticated attackers to replay messages across sibling targets using the same message ID. The issue arises from overly broad cache keying, which enables the bypass of replay protection and the delivery of duplicate webhook messages to unintended targets.

Impact

Exploitation of this vulnerability allows for the unauthorized replay of webhook messages across different targets, potentially leading to incorrect processing of these messages by the recipient targets.

Reproduction

To reproduce this vulnerability, an authenticated user can send a webhook message with a specific message ID to one target. Due to the broad caching mechanism, the same message ID can be used to replay the message to a sibling target, bypassing the intended delivery scope and causing the message to be processed as if it were a new, unique event.

Remediation

Users can update to OpenClaw version 2026.3.31 or later, where this vulnerability has been patched.