Monthly
Authentication bypass in OpenClaw versions prior to 2026.3.23 enables attackers to forge Plivo V2 signature-verified requests without credentials. The vulnerability stems from replay key derivation using full URLs with query parameters rather than canonicalized base URLs, allowing unauthenticated remote attackers to manipulate query strings on signed requests and generate new valid verification keys. This permits bypassing webhook authentication controls and injecting malicious requests into Plivo-integrated telephony workflows. No public exploit or active exploitation confirmed at time of analysis.
Integrity protection bypass in OpenAirInterface v2.2.0 allows unauthenticated network attackers to downgrade 5G security context by forcing acceptance of IA0-only capability during initial UE registration, despite NIA1/NIA2 being configured. Exploitation enables replay attacks against mobile network infrastructure through manipulation of Security Mode Complete messages, compromising session integrity without confidentiality impact. No public exploit identified at time of analysis.
A logic error in the mppx npm package (versions <0.4.11) allows remote attackers to close payment channels without committing funds by exploiting an off-by-one validation flaw in the tempo/session cooperative close handler. The handler incorrectly used '<' instead of '<=' when validating close voucher amounts against settled on-chain amounts, enabling attackers to submit vouchers exactly equal to settled amounts for free channel closure or griefing attacks. No active exploitation confirmed (CISA KEV), but publicly available patch and detailed advisory increase exploitation risk. CVSS 7.5 (High) reflects network-accessible, low-complexity attack requiring no authentication.
Bootstrap setup code replay in OpenClaw before 2026.3.13 enables unauthenticated remote attackers to escalate privileges to operator.admin during device pairing. The vulnerability (CWE-294: Capture-replay) in src/infra/device-bootstrap.ts permits multiple verification attempts of valid bootstrap codes before approval, allowing escalation of pending pairing scopes. CVSS 9.3 (Critical) reflects network-accessible attack with low complexity and no user interaction required. EPSS data unavailable; no public exploit identified at time of analysis. Vendor-released patch available via GitHub commit 1803d16d.
Dovecot OTP authentication enables replay attacks when authentication cache is enabled and username alteration occurs in passdb, allowing attackers who observe an OTP exchange to authenticate as the targeted user. Open-XChange Dovecot Pro is affected (CPE: cpe:2.3:a:open-xchange_gmbh:ox_dovecot_pro:*:*:*:*:*:*:*:*). No public exploit identified at time of analysis, though the vulnerability requires relatively specific preconditions (enabled cache, username modification in passdb) to be exploitable. The CVSS 6.8 score reflects high confidentiality and integrity impact but requires high attack complexity and user interaction.
OpenClaw before version 2026.2.25 fails to implement durable replay state validation for Nextcloud Talk webhook events, allowing attackers to capture and replay previously valid signed webhook requests to cause duplicate processing. This affects all versions of OpenClaw prior to the patched release, and an attacker with network access can exploit this vulnerability without authentication or user interaction to trigger integrity and availability impacts such as duplicate message processing or resource exhaustion.
This vulnerability is an authentication bypass in the Bluetooth Handler component of Shenzhen HCC Technology MPOS M6 PLUS version 1V.31-N, exploitable via capture-replay attacks. An unauthenticated attacker on the local network can manipulate Bluetooth communications to bypass authentication mechanisms and gain unauthorized access with high attack complexity. A proof-of-concept exploit is publicly available on GitHub, and the vendor has not responded to disclosure attempts, leaving affected systems without an official patch.
OpenClaw versions prior to 2026.2.23 contain a webhook event deduplication bypass vulnerability where normalized Twilio event IDs are randomized on each parse, allowing attackers to replay webhook events and circumvent the manager's deduplication checks. An unauthenticated remote attacker can exploit this over the network to trigger duplicate or stale call-state transitions, potentially causing incorrect call handling and state corruption. While no CVSS modifier for active exploitation or public POC is explicitly confirmed in the provided intelligence, the CVSS 6.5 score reflects moderate integrity and availability impact with low attack complexity.
OpenClaw versions prior to 2026.2.25 suffer from a webhook replay vulnerability where valid signed Nextcloud Talk webhook requests lack durable replay state suppression, allowing attackers to capture and replay previously legitimate signed requests to trigger duplicate inbound message processing. This can result in message duplication, data integrity issues, and potential availability degradation. While the CVSS score of 4.8 is moderate, the attack requires no authentication and can be executed over the network with medium complexity, making it a viable attack vector for threat actors with network visibility to webhook traffic.
Smart Switch versions prior to 3.7.69.15 contain a replay attack vulnerability in the authentication mechanism that allows remote attackers to bypass security controls and execute privileged functions without valid credentials. The vulnerability requires user interaction to trigger but poses a significant risk as no patch is currently available. Organizations using affected Smart Switch deployments should implement network-level controls to restrict access until an update is released.
Authentication bypass in OpenClaw versions prior to 2026.3.23 enables attackers to forge Plivo V2 signature-verified requests without credentials. The vulnerability stems from replay key derivation using full URLs with query parameters rather than canonicalized base URLs, allowing unauthenticated remote attackers to manipulate query strings on signed requests and generate new valid verification keys. This permits bypassing webhook authentication controls and injecting malicious requests into Plivo-integrated telephony workflows. No public exploit or active exploitation confirmed at time of analysis.
Integrity protection bypass in OpenAirInterface v2.2.0 allows unauthenticated network attackers to downgrade 5G security context by forcing acceptance of IA0-only capability during initial UE registration, despite NIA1/NIA2 being configured. Exploitation enables replay attacks against mobile network infrastructure through manipulation of Security Mode Complete messages, compromising session integrity without confidentiality impact. No public exploit identified at time of analysis.
A logic error in the mppx npm package (versions <0.4.11) allows remote attackers to close payment channels without committing funds by exploiting an off-by-one validation flaw in the tempo/session cooperative close handler. The handler incorrectly used '<' instead of '<=' when validating close voucher amounts against settled on-chain amounts, enabling attackers to submit vouchers exactly equal to settled amounts for free channel closure or griefing attacks. No active exploitation confirmed (CISA KEV), but publicly available patch and detailed advisory increase exploitation risk. CVSS 7.5 (High) reflects network-accessible, low-complexity attack requiring no authentication.
Bootstrap setup code replay in OpenClaw before 2026.3.13 enables unauthenticated remote attackers to escalate privileges to operator.admin during device pairing. The vulnerability (CWE-294: Capture-replay) in src/infra/device-bootstrap.ts permits multiple verification attempts of valid bootstrap codes before approval, allowing escalation of pending pairing scopes. CVSS 9.3 (Critical) reflects network-accessible attack with low complexity and no user interaction required. EPSS data unavailable; no public exploit identified at time of analysis. Vendor-released patch available via GitHub commit 1803d16d.
Dovecot OTP authentication enables replay attacks when authentication cache is enabled and username alteration occurs in passdb, allowing attackers who observe an OTP exchange to authenticate as the targeted user. Open-XChange Dovecot Pro is affected (CPE: cpe:2.3:a:open-xchange_gmbh:ox_dovecot_pro:*:*:*:*:*:*:*:*). No public exploit identified at time of analysis, though the vulnerability requires relatively specific preconditions (enabled cache, username modification in passdb) to be exploitable. The CVSS 6.8 score reflects high confidentiality and integrity impact but requires high attack complexity and user interaction.
OpenClaw before version 2026.2.25 fails to implement durable replay state validation for Nextcloud Talk webhook events, allowing attackers to capture and replay previously valid signed webhook requests to cause duplicate processing. This affects all versions of OpenClaw prior to the patched release, and an attacker with network access can exploit this vulnerability without authentication or user interaction to trigger integrity and availability impacts such as duplicate message processing or resource exhaustion.
This vulnerability is an authentication bypass in the Bluetooth Handler component of Shenzhen HCC Technology MPOS M6 PLUS version 1V.31-N, exploitable via capture-replay attacks. An unauthenticated attacker on the local network can manipulate Bluetooth communications to bypass authentication mechanisms and gain unauthorized access with high attack complexity. A proof-of-concept exploit is publicly available on GitHub, and the vendor has not responded to disclosure attempts, leaving affected systems without an official patch.
OpenClaw versions prior to 2026.2.23 contain a webhook event deduplication bypass vulnerability where normalized Twilio event IDs are randomized on each parse, allowing attackers to replay webhook events and circumvent the manager's deduplication checks. An unauthenticated remote attacker can exploit this over the network to trigger duplicate or stale call-state transitions, potentially causing incorrect call handling and state corruption. While no CVSS modifier for active exploitation or public POC is explicitly confirmed in the provided intelligence, the CVSS 6.5 score reflects moderate integrity and availability impact with low attack complexity.
OpenClaw versions prior to 2026.2.25 suffer from a webhook replay vulnerability where valid signed Nextcloud Talk webhook requests lack durable replay state suppression, allowing attackers to capture and replay previously legitimate signed requests to trigger duplicate inbound message processing. This can result in message duplication, data integrity issues, and potential availability degradation. While the CVSS score of 4.8 is moderate, the attack requires no authentication and can be executed over the network with medium complexity, making it a viable attack vector for threat actors with network visibility to webhook traffic.
Smart Switch versions prior to 3.7.69.15 contain a replay attack vulnerability in the authentication mechanism that allows remote attackers to bypass security controls and execute privileged functions without valid credentials. The vulnerability requires user interaction to trigger but poses a significant risk as no patch is currently available. Organizations using affected Smart Switch deployments should implement network-level controls to restrict access until an update is released.