What is the CVSS score of CVE-2026-29606?

CVE-2026-29606 has a CVSS 3.1 base score of 6.5 (Medium). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L. EPSS exploitation probability: 0.0%.

Which versions of Openclaw are affected by CVE-2026-29606?

CVE-2026-29606 presents notable security risk, a missing authentication vulnerability rated CVSS 6.5. This could allow unauthorized access to protected resources.. A patch is available.

Openclaw CVE-2026-29606

MEDIUM

Missing Authentication for Critical Function (CWE-306)

2026-03-05 disclosure@vulncheck.com

GHSA-c37p-4qqg-3p76

Authentication Bypass Openclaw

6.5

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

Low

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 22:06 vuln.today

Patch released

Mar 11, 2026 - 01:10 nvd

Patch available

CVE Published

Mar 05, 2026 - 22:16 nvd

MEDIUM 6.5

DescriptionNVD

OpenClaw versions prior to 2026.2.14 contain a webhook signature-verification bypass in the voice-call extension that allows unauthenticated requests when the tunnel.allowNgrokFreeTierLoopbackBypass option is explicitly enabled. An external attacker can send forged requests to the publicly reachable webhook endpoint without a valid X-Twilio-Signature header, resulting in unauthorized webhook event handling and potential request flooding attacks.

AnalysisAI

Openclaw versions up to 2026.2.14 is affected by missing authentication for critical function (CVSS 6.5).

RemediationAI

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Audit authentication configurations.

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-29606 vulnerability details – vuln.today

Back

Openclaw CVE-2026-29606

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code