CVE-2026-26319 Overview
CVE-2026-26319 is an Authentication Bypass vulnerability affecting OpenClaw, a personal AI assistant. The vulnerability exists in the optional @openclaw/voice-call plugin's Telnyx webhook handler, which improperly handles authentication when the telnyx.publicKey configuration is not set. This allows unauthenticated attackers to forge Telnyx webhook events and submit arbitrary requests that the system treats as legitimate.
Critical Impact
Attackers can forge Telnyx webhook events without authentication, potentially manipulating voice call functionality and injecting malicious events into OpenClaw deployments with publicly exposed webhook endpoints.
Affected Products
- OpenClaw versions 2026.2.13 and below
- OpenClaw deployments with the Voice Call plugin installed and enabled
- Systems with webhook endpoints publicly exposed via tunnel or proxy
Discovery Timeline
- 2026-02-19 - CVE CVE-2026-26319 published to NVD
- 2026-02-19 - Last updated in NVD database
Technical Details for CVE-2026-26319
Vulnerability Analysis
The vulnerability stems from improper authentication handling in the TelnyxProvider.verifyWebhook() function. Telnyx webhooks are designed to be authenticated using Ed25519 signature verification, which ensures that incoming webhook requests originate from Telnyx's legitimate infrastructure. However, in affected versions, when the telnyx.publicKey configuration option is not set, the verification function fails open rather than failing closed.
This design flaw means that deployments without a configured public key will accept any HTTP POST request to the voice-call webhook endpoint as a legitimate Telnyx event. The vulnerability is classified as CWE-306 (Missing Authentication for Critical Function), as the system fails to enforce authentication when the configuration is incomplete.
Root Cause
The root cause is a fail-open design pattern in the webhook signature verification logic. When telnyx.publicKey is not configured, TelnyxProvider.verifyWebhook() does not reject requests but instead allows them to pass through without cryptographic verification. This violates the principle of secure defaults, where missing security configurations should result in denied access rather than bypassed controls.
Attack Vector
The attack can be executed remotely over the network without requiring any authentication or user interaction. An attacker targeting a vulnerable OpenClaw deployment would:
- Identify an OpenClaw instance with the Voice Call plugin enabled
- Locate the publicly accessible webhook endpoint (typically exposed via a tunnel or reverse proxy)
- Craft malicious HTTP POST requests mimicking Telnyx webhook event structures
- Submit forged events directly to the webhook endpoint
- The system processes these requests as legitimate Telnyx events, enabling event injection attacks
Since the vulnerability requires no privileges or user interaction and can be exploited over the network, deployments with publicly exposed webhook endpoints are directly at risk. The impact primarily affects integrity, as attackers can inject forged events into the voice call processing pipeline.
Detection Methods for CVE-2026-26319
Indicators of Compromise
- Unexpected or anomalous HTTP POST requests to the voice-call webhook endpoint from non-Telnyx IP addresses
- Webhook events lacking valid Ed25519 signature headers (Telnyx-Signature-Ed25519 or similar)
- Unusual patterns of voice call events that don't correlate with legitimate user activity
- Log entries showing webhook processing without corresponding Telnyx signature validation
Detection Strategies
- Implement network monitoring to detect POST requests to webhook endpoints from unauthorized IP ranges
- Configure web application firewalls (WAF) to alert on webhook requests missing expected signature headers
- Enable detailed logging for the voice-call plugin to capture all incoming webhook requests and their validation status
- Deploy SentinelOne Singularity to monitor for suspicious process activity and network connections associated with OpenClaw
Monitoring Recommendations
- Audit OpenClaw configuration files to verify telnyx.publicKey is properly configured
- Monitor webhook endpoint access logs for requests from IP addresses outside Telnyx's known infrastructure
- Set up alerts for webhook processing errors or signature validation failures
- Regularly review voice call event logs for anomalies indicative of forged events
How to Mitigate CVE-2026-26319
Immediate Actions Required
- Upgrade OpenClaw to version 2026.2.14 or later immediately
- Verify that telnyx.publicKey is properly configured in all deployments using the Voice Call plugin
- If upgrade is not immediately possible, restrict network access to the webhook endpoint to Telnyx IP ranges only
- Audit recent webhook logs for potential exploitation attempts
Patch Information
The vulnerability has been addressed in OpenClaw version 2026.2.14. The fix ensures that webhook signature verification fails closed when the public key is not configured, rejecting unauthenticated requests by default. The security patches are available through the following commits:
Download the patched release from the GitHub Release v2026.2.14. For complete vulnerability details, refer to the GitHub Security Advisory GHSA-4hg8-92x6-h2f3.
Workarounds
- Configure telnyx.publicKey with a valid Telnyx public key to enable proper Ed25519 signature verification
- Restrict webhook endpoint access at the network level using firewall rules to allow only Telnyx IP addresses
- Disable the Voice Call plugin entirely if it is not required for your deployment
- Place the webhook endpoint behind an authenticated reverse proxy until the patch can be applied
# Configuration example
# Ensure telnyx.publicKey is properly configured in your OpenClaw configuration
# Example: Add to your openclaw configuration file
TELNYX_PUBLIC_KEY="your_telnyx_ed25519_public_key_here"
# Alternatively, restrict webhook access via firewall (example using iptables)
# Allow only Telnyx IP ranges to access the webhook port
iptables -A INPUT -p tcp --dport 443 -s 64.62.0.0/16 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j DROP
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
