CVE-2026-35618 PUBLISHED

OpenClaw < 2026.3.23 - Replay Identity Drift via Query-Only Variants in Plivo V2 Verification

Assigner: VulnCheck
Reserved: 04.04.2026
Published: 09.04.2026
Updated: 10.04.2026

OpenClaw before 2026.3.23 contains a replay identity vulnerability in its Plivo V2 signature verification that allows attackers to bypass replay protection by modifying query parameters. The verification path derives replay keys from the full request URL, including the query string, instead of from the canonicalized base URL. Because the query string is not covered by the signature, an attacker can mint a fresh, still-verified replay key for an already-signed request through unsigned, query-only changes to that request.
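The following is an added illustration of the flaw class described above; it is not OpenClaw's or Plivo's code. It models a webhook verifier whose replay cache is keyed on the full URL beside one keyed on the canonical base URL, and shows that only the latter rejects a replayed request whose query string was altered. The signature scheme (an HMAC over base URL plus nonce), the token, the URLs and the nonce are all constructed assumptions; what matters for the demonstration is that, as the advisory states, query-only changes are unsigned.

```python
import hashlib
import hmac
from urllib.parse import urlsplit, urlunsplit

# Constructed stand-in for a Plivo auth token (not a real secret).
AUTH_TOKEN = b"example-auth-token-not-real"


def canonical_base_url(url: str) -> str:
    """Return scheme://host/path with query string and fragment removed."""
    parts = urlsplit(url)
    return urlunsplit((parts.scheme, parts.netloc, parts.path, "", ""))


def sign(url: str, nonce: str) -> str:
    """Toy signature: HMAC-SHA256 over canonical base URL + nonce.

    Assumption for this example only: the query string is not part of the
    signed input, so query-only edits leave the signature valid.
    """
    msg = (canonical_base_url(url) + nonce).encode()
    return hmac.new(AUTH_TOKEN, msg, hashlib.sha256).hexdigest()


class Verifier:
    """Signature check followed by a replay cache.

    key_from_full_url=True reproduces the weak derivation (replay key built
    from the full URL); False is the hardened form keyed on the canonical
    base URL, i.e. on material the signature actually covers.
    """

    def __init__(self, key_from_full_url: bool):
        self.key_from_full_url = key_from_full_url
        self.seen: set[str] = set()  # hypothetical in-memory replay cache

    def replay_key(self, url: str, nonce: str, signature: str) -> str:
        ident = url if self.key_from_full_url else canonical_base_url(url)
        return hashlib.sha256(f"{ident}|{nonce}|{signature}".encode()).hexdigest()

    def verify(self, url: str, nonce: str, signature: str) -> bool:
        # 1. Signature must match; constant-time compare.
        if not hmac.compare_digest(sign(url, nonce), signature):
            return False
        # 2. Reject anything whose replay key has already been accepted.
        key = self.replay_key(url, nonce, signature)
        if key in self.seen:
            return False
        self.seen.add(key)
        return True


def demo() -> dict[str, list[bool]]:
    """Run the same signed request, an exact replay, and a query-modified
    replay through both verifiers and return the accept/reject decisions."""
    url1 = "https://example.invalid/webhooks/plivo?CallUUID=abc"  # constructed
    url2 = "https://example.invalid/webhooks/plivo?CallUUID=abc&extra=1"
    nonce = "nonce-0001"  # constructed
    sig = sign(url1, nonce)  # signed once, by the legitimate sender

    results = {}
    for name, weak in (("vulnerable", True), ("fixed", False)):
        v = Verifier(key_from_full_url=weak)
        results[name] = [
            v.verify(url1, nonce, sig),  # original delivery
            v.verify(url1, nonce, sig),  # exact replay
            v.verify(url2, nonce, sig),  # replay with unsigned query change
        ]
    return results


if __name__ == "__main__":
    for name, decisions in demo().items():
        print(f"{name}: {decisions}")
```

The weak verifier accepts the third request because the signature still verifies (the base URL is unchanged) while the replay key differs; the hardened verifier sees the same key as the first delivery and rejects it. The general rule the example illustrates is to derive replay identity only from inputs the signature binds (here the canonical base URL and nonce); a production cache would additionally bound entries with a TTL matching the nonce validity window.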

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N
CVSS Score: 8.3

Product Status

Vendor OpenClaw
Product OpenClaw
Versions Default: unaffected
  • affected from 0 to 2026.3.23 (excl.)
  • Version 2026.3.23 is unaffected

Credits

  • smaeljaish771 reporter
  • KeenSecurityLab finder

References

Problem Types

  • CWE-294 Authentication Bypass by Capture-replay