What is CVE-2026-32053?

CVE-2026-32053 is a medium-severity vulnerability in Openclaw, classified under Authentication Bypass by Capture-replay. CVSS score: 6.5/10. Published 2026-03-21.

How severe is CVE-2026-32053?

Medium severity. CVSS v3 base score is 6.5 out of 10.

Vulnerability in Openclaw

CVE-2026-32053

OpenClaw versions prior to 2026.2.23 contain a vulnerability in Twilio webhook event deduplication where normalized event IDs are randomized per parse, allowing replay events to bypass manager dedupe checks. Attackers can replay Twilio web…

EPSS: 0.000 (6.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L.

Affected products

Openclaw — versions 0, 2026.2.23

Weakness classification (CWE)

CWE-294 — Authentication Bypass by Capture-replay

References

GitHub Security Advisory (GHSA-vqx8-9xxw-f2m7) (third-party-advisory)
Patch Commit (patch)
VulnCheck Advisory: OpenClaw < 2026.2.23 - Twilio Webhook Replay Bypass via Randomized Event ID Normalization (third-party-advisory)

Frequently asked questions

What is CVE-2026-32053?: CVE-2026-32053 is a medium-severity vulnerability in Openclaw, classified under Authentication Bypass by Capture-replay. CVSS score: 6.5/10. Published 2026-03-21.
How severe is CVE-2026-32053?: Medium severity. CVSS v3 base score is 6.5 out of 10.