CVE-2026-28449 Overview
OpenClaw versions prior to 2026.2.25 are vulnerable to a webhook replay attack because the Nextcloud Talk webhook integration kept no durable replay state. A valid signed webhook request could therefore be captured and replayed without suppression, triggering duplicate inbound message processing, which can cause integrity or availability issues in affected systems.
Critical Impact
Attackers can capture and replay valid signed webhook requests, causing duplicate message processing and potential integrity or availability issues in Nextcloud Talk integrations.
Affected Products
- OpenClaw versions prior to 2026.2.25
- OpenClaw Node.js package (cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*)
Discovery Timeline
- 2026-03-19 - CVE-2026-28449 published to NVD
- 2026-03-19 - Last updated in NVD database
Technical Details for CVE-2026-28449
Vulnerability Analysis
This vulnerability is classified under CWE-294 (Authentication Bypass by Capture-replay), which describes a weakness where an attacker can bypass authentication by capturing legitimate credentials or tokens and replaying them. In the case of OpenClaw, the Nextcloud Talk webhook integration failed to implement durable replay suppression mechanisms, allowing attackers to intercept valid signed webhook requests and replay them at will.
The vulnerability exists within the webhook handling mechanism for Nextcloud Talk integration. When a webhook event is received, the system validates the signature but does not maintain persistent state to track whether that specific request has been processed before. This creates a window of opportunity for attackers with network access to capture valid webhook traffic and replay it multiple times.
Root Cause
The root cause of this vulnerability is the absence of durable replay state management in the Nextcloud Talk webhook handler. Without persistent tracking of processed webhook events, the system cannot distinguish between legitimate first-time requests and replayed duplicate requests. The fix introduces a replay-guard.ts module that implements persistent deduplication using both in-memory caching and file-based storage.
Attack Vector
The attack is network-based and requires the attacker to have the ability to intercept webhook traffic between Nextcloud Talk and the OpenClaw instance. The attack flow involves:
- Attacker captures a valid, signed webhook request from Nextcloud Talk
- Attacker replays the captured request to the OpenClaw webhook endpoint
- OpenClaw validates the signature (which is still valid) and processes the webhook
- Duplicate message processing occurs, potentially causing integrity or availability issues
The following excerpt from the security patch shows the start of the replay-guard.ts module that introduces durable replay suppression (the remainder of the module is not reproduced here):
import path from "node:path";
import { createPersistentDedupe } from "openclaw/plugin-sdk";

// Defaults: 24-hour TTL, 1,000 in-memory entries, 10,000 file-backed entries
const DEFAULT_REPLAY_TTL_MS = 24 * 60 * 60 * 1000;
const DEFAULT_MEMORY_MAX_SIZE = 1_000;
const DEFAULT_FILE_MAX_ENTRIES = 10_000;

// Make a value safe to use as part of a file-system path segment
function sanitizeSegment(value: string): string {
  const trimmed = value.trim();
  if (!trimmed) {
    return "default";
  }
  return trimmed.replace(/[^a-zA-Z0-9_-]/g, "_");
}

// Deduplication key: a webhook event is identified by its room token and message id
function buildReplayKey(params: { roomToken: string; messageId: string }): string | null {
  const roomToken = params.roomToken.trim();
  const messageId = params.messageId.trim();
  if (!roomToken || !messageId) {
    return null;
  }
  return `${roomToken}:${messageId}`;
}

export type NextcloudTalkReplayGuardOptions = {
  stateDir: string;
  ttlMs?: number;
  memoryMaxSize?: number;
  fileMaxEntries?: number;
  onDiskError?: (error: unknown) => void;
};
Source: GitHub Commit d512163
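To show how the design described above works end to end, here is an added example of a durable replay guard; it is not OpenClaw's replay-guard.ts and does not use the plugin SDK. It keys events by roomToken:messageId, bounds the in-memory cache, persists to a JSON file under the state directory and expires entries by TTL; the state file name and its JSON layout are assumptions.

```typescript
import * as fs from "node:fs";
import * as path from "node:path";

// Added example, not OpenClaw's replay-guard.ts: a durable replay guard built the way
// the advisory describes (key = roomToken:messageId, bounded in-memory cache, file
// persistence, TTL expiry). The state file name and its JSON layout are assumptions.
export class ReplayGuard {
  private seen = new Map<string, number>(); // key -> expiry time (epoch ms)
  private readonly stateFile: string;
  private readonly ttlMs: number;
  private readonly memoryMaxSize: number;
  private readonly fileMaxEntries: number;

  constructor(stateDir: string, ttlMs = 86_400_000, memoryMaxSize = 1_000, fileMaxEntries = 10_000) {
    this.stateFile = path.join(stateDir, "nextcloud-talk-replay.json"); // assumed file name
    this.ttlMs = ttlMs;
    this.memoryMaxSize = memoryMaxSize;
    this.fileMaxEntries = fileMaxEntries;
    try {
      // Reload persisted keys so a process restart does not reopen the replay window.
      this.seen = new Map<string, number>(JSON.parse(fs.readFileSync(this.stateFile, "utf8")));
    } catch { /* no state file yet (or unreadable): keep the empty map */ }
  }

  // True the first time a (roomToken, messageId) pair is seen within the TTL;
  // false for a replay, and false for an event that cannot be keyed at all.
  check(roomToken: string, messageId: string, now = Date.now()): boolean {
    const room = roomToken.trim(), msg = messageId.trim();
    if (!room || !msg) return false;
    const key = `${room}:${msg}`;
    this.evict(now);
    if (this.seen.has(key)) return false;
    this.seen.set(key, now + this.ttlMs);
    this.persist();
    return true;
  }

  private evict(now: number): void {
    for (const [k, exp] of this.seen) if (exp <= now) this.seen.delete(k);
    // Map keeps insertion order, so the first key is always the oldest entry.
    while (this.seen.size > this.memoryMaxSize) {
      this.seen.delete(this.seen.keys().next().value as string);
    }
  }

  private persist(): void {
    const entries = [...this.seen.entries()].slice(-this.fileMaxEntries);
    fs.writeFileSync(this.stateFile, JSON.stringify(entries));
  }
}
```

Because the guard writes the key before the event is handed to message processing, a second delivery of the same signed request is refused even if the process restarted in between.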
Detection Methods for CVE-2026-28449
Indicators of Compromise
- Multiple identical webhook requests from the same source IP within a short time window
- Duplicate message IDs processed in Nextcloud Talk integrations
- Unusual patterns of webhook traffic that suggest capture-replay activity
- Logs showing repeated processing of the same roomToken:messageId combinations
Detection Strategies
- Monitor webhook endpoint logs for duplicate request signatures or message identifiers
- Implement alerting on high-frequency webhook calls from single sources
- Analyze network traffic for patterns consistent with captured and replayed requests
- Review application logs for duplicate inbound message processing events
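As an added example of the log-based detection listed above (not part of the advisory or of OpenClaw), the following scans webhook access log lines for the same roomToken:messageId being accepted more than once within a window and reports the source addresses involved. The log line format and the sample lines are constructed for this example.

```typescript
// Added detection example, not part of the advisory or OpenClaw: the log format and
// the sample lines below are constructed. A repeat of the same roomToken:messageId
// from a second source address is the strongest replay signal.
export const SAMPLE_LOG = [
  "2026-03-19T10:00:00Z webhook accepted src=10.0.0.5 room=abc123 msg=501",
  "2026-03-19T10:00:01Z webhook accepted src=10.0.0.5 room=abc123 msg=502",
  "2026-03-19T10:00:07Z webhook accepted src=198.51.100.9 room=abc123 msg=501",
  "2026-03-19T10:00:09Z webhook accepted src=198.51.100.9 room=abc123 msg=501",
  "2026-03-19T11:30:00Z webhook accepted src=10.0.0.5 room=abc123 msg=501",
];

export type ReplayAlert = { key: string; count: number; sources: string[] };

const LINE_RE = /^(\S+) webhook accepted src=(\S+) room=(\S+) msg=(\S+)$/;

// Groups accepted events by roomToken:messageId and reports keys processed more than
// once within windowMs of the first occurrence. Occurrences outside the window are
// ignored here; widen the window (up to the 24-hour replay TTL) to catch slow replays.
export function findReplays(lines: string[], windowMs: number): ReplayAlert[] {
  const firstSeen = new Map<string, { at: number; count: number; sources: Set<string> }>();
  for (const line of lines) {
    const m = LINE_RE.exec(line);
    if (!m) continue; // unrelated or malformed line
    const [, ts, src, room, msg] = m;
    const at = Date.parse(ts);
    const key = `${room}:${msg}`;
    const entry = firstSeen.get(key);
    if (!entry) {
      firstSeen.set(key, { at, count: 1, sources: new Set([src]) });
    } else if (at - entry.at <= windowMs) {
      entry.count += 1;
      entry.sources.add(src);
    }
  }
  return [...firstSeen.entries()]
    .filter(([, e]) => e.count > 1)
    .map(([key, e]) => ({ key, count: e.count, sources: [...e.sources] }));
}
```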
Monitoring Recommendations
- Enable detailed logging for the Nextcloud Talk webhook endpoint
- Set up alerts for anomalous webhook request patterns and duplicate processing
- Monitor system integrity metrics for unexpected changes caused by replay attacks
- Implement network-level monitoring to detect potential traffic interception attempts
How to Mitigate CVE-2026-28449
Immediate Actions Required
- Upgrade OpenClaw to version 2026.2.25 or later immediately
- Review application logs for signs of potential replay attack exploitation
- Audit webhook traffic for duplicate or suspicious requests
- Consider temporarily disabling the Nextcloud Talk webhook integration until patched
Patch Information
The security patch is available in OpenClaw version 2026.2.25. The fix introduces a replay-guard.ts module that implements durable replay suppression using a combination of in-memory caching (up to 1,000 entries) and file-based persistence (up to 10,000 entries) with a default TTL of 24 hours. This ensures that previously processed webhook requests cannot be replayed successfully.
For detailed patch information, see the GitHub Security Advisory and the commit fix.
Workarounds
- If upgrading is not immediately possible, consider implementing network-level controls to restrict webhook traffic sources
- Add rate limiting on the webhook endpoint to reduce the impact of replay attacks
- Implement additional application-level logging to detect and alert on potential replay attempts
- Use network segmentation to limit exposure of the webhook endpoint
# Upgrade OpenClaw to the patched version (npm install pins the exact version)
npm install openclaw@2026.2.25
# Verify the installed version
npm list openclaw
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.