What is CVE-2026-28449?

CVE-2026-28449 is a medium-severity vulnerability in Openclaw, classified under Authentication Bypass by Capture-replay. CVSS score: 6.5/10. Published 2026-03-19.

How severe is CVE-2026-28449?

Medium severity. CVSS v3 base score is 6.5 out of 10.

Vulnerability in Openclaw

CVE-2026-28449

OpenClaw versions prior to 2026.2.25 lack durable replay state for Nextcloud Talk webhook events, allowing valid signed webhook requests to be replayed without suppression. Attackers can capture and replay previously valid signed webhook r…

EPSS: 0.001 (20.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L.

Affected products

Openclaw — versions 0

Weakness classification (CWE)

CWE-294 — Authentication Bypass by Capture-replay

References

GitHub Security Advisory (GHSA-r9q5-c7qc-p26w) (third-party-advisory)
Patch Commit (patch)
VulnCheck Advisory: OpenClaw < 2026.2.25 - Webhook Replay Attack via Missing Durable Replay Suppression (third-party-advisory)

Frequently asked questions

What is CVE-2026-28449?: CVE-2026-28449 is a medium-severity vulnerability in Openclaw, classified under Authentication Bypass by Capture-replay. CVSS score: 6.5/10. Published 2026-03-19.
How severe is CVE-2026-28449?: Medium severity. CVSS v3 base score is 6.5 out of 10.