CVE-2026-41362 Overview
CVE-2026-41362 is an improper cache isolation vulnerability [CWE-668] in OpenClaw versions 2026.2.19 through 2026.3.31. The flaw exists in the Zalo webhook replay-dedupe mechanism, where a single shared cache spans all authenticated webhook targets. An attacker controlling one authenticated Zalo webhook path in a multi-account deployment can suppress legitimate events on different accounts. The attack succeeds by matching event_name and message_id parameters used as the dedupe key.
The issue affects Node.js deployments of OpenClaw operating multiple Zalo accounts behind a single instance.
Critical Impact
An authenticated attacker on one webhook target can suppress legitimate webhook events belonging to other tenants by reusing matching message identifiers, breaking cross-account isolation.
Affected Products
- OpenClaw 2026.2.19 through versions prior to 2026.3.31
- OpenClaw deployments running on Node.js with the Zalo extension enabled
- Multi-account OpenClaw configurations sharing the webhook replay-dedupe cache
Discovery Timeline
- 2026-04-28 - CVE-2026-41362 published to NVD
- 2026-04-28 - Last updated in NVD database
Technical Details for CVE-2026-41362
Vulnerability Analysis
The vulnerability resides in extensions/zalo/src/monitor.webhook.ts, specifically the isReplayEvent function. OpenClaw uses an in-memory map, recentWebhookEvents, to suppress duplicate Zalo webhook deliveries. Before the patch, the cache key did not adequately isolate entries by authenticated target path and account identifier, allowing cross-target collisions.
When one tenant submits a webhook with a chosen event_name and message_id, the resulting cache entry can match incoming events on a separate account. The legitimate event is then classified as a replay and silently dropped. This breaks the integrity of event delivery without producing visible errors, making the suppression difficult to observe.
Root Cause
The root cause is shared-resource isolation failure [CWE-668]. The replay deduplication state was treated as a global namespace rather than being scoped to each authenticated webhook target. Tenant boundaries were not enforced in the cache key construction.
Attack Vector
An attacker requires authenticated access to at least one Zalo webhook path on a multi-account OpenClaw instance. The attacker sends webhook payloads with predictable event_name and message_id values, populating the shared cache. Subsequent legitimate webhook events from other tenants that share those identifiers are treated as duplicates and discarded.
// Patch: scope replay dedupe cache key to path and account
// Source: https://github.com/openclaw/openclaw/commit/7cea7c29705b188b464cc9cdc107c275b94b2a72
function buildReplayEventCacheKey(
target: ZaloWebhookTarget,
update: ZaloUpdate,
messageId: string,
): string {
const chatId = update.message?.chat?.id ?? "";
const senderId = update.message?.from?.id ?? "";
return JSON.stringify([
target.path,
target.account.accountId,
update.event_name,
chatId,
senderId,
messageId,
]);
}
The fix introduces buildReplayEventCacheKey, which incorporates target.path and target.account.accountId into a structured JSON key. This ensures that replay state is partitioned per authenticated target and per account.
Detection Methods for CVE-2026-41362
Indicators of Compromise
- Unexplained gaps in Zalo webhook event delivery for specific accounts, particularly missing message_id values that should appear in sequence.
- Multiple webhook submissions from a single authenticated target containing repeated or low-entropy message_id values.
- Cross-account correlation showing one tenant's incoming message_id matching another tenant's previously processed events.
Detection Strategies
- Enable verbose logging on the isReplayEvent code path to capture cache hits, including the originating target path and account identifier.
- Audit recentWebhookEvents cache contents at runtime to identify entries whose keys span multiple accounts before the patch is applied.
- Compare upstream Zalo delivery logs with OpenClaw-processed event counts to surface dropped events.
Monitoring Recommendations
- Alert on spikes of duplicate-classification events originating from any single authenticated webhook target.
- Track per-account webhook delivery rates and trigger an alert when one account's rate drops while sibling accounts continue receiving traffic.
- Monitor commit hashes 4d038bb2 and 7cea7c29 across deployed OpenClaw instances to confirm patch presence.
How to Mitigate CVE-2026-41362
Immediate Actions Required
- Upgrade OpenClaw to version 2026.3.31 or later, which contains both remediation commits.
- Audit all authenticated Zalo webhook targets and revoke credentials for untrusted tenants until the patch is applied.
- Restart the OpenClaw process after upgrading to clear any poisoned entries in recentWebhookEvents.
Patch Information
Two upstream commits address the issue. Commit 4d038bb242c11f39e45f6a4bde400e5fd42e4ebf ensures recentWebhookEvents.clear() runs alongside other security state resets. Commit 7cea7c29705b188b464cc9cdc107c275b94b2a72 rewrites the cache key construction via buildReplayEventCacheKey to include target.path and target.account.accountId. See the GitHub Security Advisory GHSA-fqrj-m88p-qf3v and the VulnCheck Security Advisory for full details.
Workarounds
- Isolate each Zalo account into its own OpenClaw process or container so that the recentWebhookEvents cache is not shared across tenants.
- Restrict webhook authentication so that only fully trusted, first-party targets are permitted until upgrading.
- Periodically invoke clearZaloWebhookSecurityStateForTest() or an equivalent operational reset to flush the shared cache on a short interval.
# Pin OpenClaw to the patched release
npm install openclaw@2026.3.31
# Verify the patched function is present in the installed package
grep -n "buildReplayEventCacheKey" \
node_modules/openclaw/extensions/zalo/src/monitor.webhook.ts
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
