What is the CVSS score of EUVD-2026-13954?

EUVD-2026-13954 has a CVSS 3.1 base score of 6.5 (Medium). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L. EPSS exploitation probability: 0.0%.

Which versions of Openclaw are affected by EUVD-2026-13954?

CVE-2026-32053 presents notable security risk rated CVSS 6.5. Exploitation could compromise the security of affected deployments. Proof-of-concept code is publicly available.. A patch is available.

Is there a public PoC exploit available for EUVD-2026-13954?

Yes, a public proof-of-concept exploit is available for EUVD-2026-13954. Prioritise patching immediately. EPSS: 0.0%.

Openclaw EUVD-2026-13954

| CVE-2026-32053 MEDIUM

Authentication Bypass by Capture-replay (CWE-294)

2026-03-21 VulnCheck

GHSA-3r78-rqg8-95gg

Authentication Bypass Openclaw

6.5

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

6.5 MEDIUM

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

Low

Lifecycle Timeline

PoC Detected

Mar 24, 2026 - 21:15 vuln.today

Public exploit code

EUVD ID Assigned

Mar 21, 2026 - 01:00 euvd

EUVD-2026-13954

Analysis Generated

Mar 21, 2026 - 01:00 vuln.today

Patch released

Mar 21, 2026 - 01:00 nvd

Patch available

CVE Published

Mar 21, 2026 - 00:42 nvd

MEDIUM 6.5

DescriptionCVE.org

OpenClaw versions prior to 2026.2.23 contain a vulnerability in Twilio webhook event deduplication where normalized event IDs are randomized per parse, allowing replay events to bypass manager dedupe checks. Attackers can replay Twilio webhook events to trigger duplicate or stale call-state transitions, potentially causing incorrect call handling and state corruption.

AnalysisAI

OpenClaw versions prior to 2026.2.23 contain a webhook event deduplication bypass vulnerability where normalized Twilio event IDs are randomized on each parse, allowing attackers to replay webhook events and circumvent the manager's deduplication checks. An unauthenticated remote attacker can exploit this over the network to trigger duplicate or stale call-state transitions, potentially causing incorrect call handling and state corruption. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Vulnerability AssessmentAI

Risk Assessment	The CVSS 6.5 score (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L) reflects a network-exploitable vulnerability requiring no privilege or user interaction, with low attack complexity and localized integrity and availability impact. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	An attacker intercepts or captures a legitimate Twilio webhook event (e.g., a call completion or status update notification) sent to the OpenClaw webhook endpoint. The attacker replays this webhook to the same endpoint multiple times. …
Remediation	Upgrade OpenClaw to version 2026.2.23 or later immediately; this is the primary fix as a patch is available from the vendor. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. …

Threat intelligence, references, and detailed analysis are available after sign-in.

More from same product – last 7 days

CVE-2026-53836 HIGH This Week

8.7 Jun 12

Remote code execution in OpenClaw before 2026.5.12 allows authenticated operators to bypass the PowerShell execution all

CVE-2026-53822 HIGH This Week

8.7 Jun 12

Command injection in OpenClaw before 2026.5.18 allows authenticated attackers to modify shell wrapper argv between appro

CVE-2026-53819 HIGH This Week

8.7 Jun 11

Arbitrary code execution in OpenClaw before 2026.5.27 lets attackers hijack the Homebrew executable resolved during skil

CVE-2026-53817 HIGH This Week

8.7 Jun 11

Authentication bypass in OpenClaw before 2026.5.22 allows authenticated network attackers to spoof locality information

CVE-2026-53821 HIGH This Week

8.7 Jun 12

Privilege escalation in OpenClaw before 2026.5.18 allows WebSocket-connected Control UI clients to claim operator.admin

EUVD-2026-13954 vulnerability details – vuln.today

Back

Openclaw EUVD-2026-13954

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Unlock full vulnerability intelligence

Vulnerability AssessmentAI

Recommended ActionAI

More from same product – last 7 days

Share

External POC / Exploit Code