GHSA-4HG8-92X6-H2F3
Vulnerability from github – Published: 2026-02-17 21:40 – Updated: 2026-02-17 21:40Summary
In affected versions, OpenClaw's optional @openclaw/voice-call plugin Telnyx webhook handler could accept unsigned inbound webhook requests when telnyx.publicKey was not configured, allowing unauthenticated callers to forge Telnyx events.
This only impacts deployments where the Voice Call plugin is installed, enabled, and the webhook endpoint is reachable from the attacker (for example, publicly exposed via a tunnel/proxy).
Affected Packages / Versions
- Package:
openclaw(npm) - Affected:
<= 2026.2.13 - Fixed:
>= 2026.2.14(planned)
Details
Telnyx webhooks are expected to be authenticated via Ed25519 signature verification.
In affected versions, TelnyxProvider.verifyWebhook() could effectively fail open when no Telnyx public key was configured, allowing arbitrary HTTP POST requests to the voice-call webhook endpoint to be treated as legitimate Telnyx events.
Fix
The fix makes Telnyx webhook verification fail closed by default and requires telnyx.publicKey (or TELNYX_PUBLIC_KEY) to be configured.
A signature verification bypass exists only for local development via skipSignatureVerification: true, which is off by default, emits a loud startup warning, and should not be used in production.
This requirement is documented in the Voice Call plugin docs.
Fix Commit(s)
29b587e73cbdc941caec573facd16e87d52f007bf47584fec(centralized verification helper + stronger tests)
Workarounds
- Configure
plugins.entries.voice-call.config.telnyx.publicKey(orTELNYX_PUBLIC_KEY) to enable signature verification. - Only for local development: set
skipSignatureVerification: true.
Thanks @p80n-sec for reporting.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "openclaw"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2026.2.14"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-26319"
],
"database_specific": {
"cwe_ids": [
"CWE-306"
],
"github_reviewed": true,
"github_reviewed_at": "2026-02-17T21:40:46Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "## Summary\n\nIn affected versions, OpenClaw\u0027s optional `@openclaw/voice-call` plugin Telnyx webhook handler could accept unsigned inbound webhook requests when `telnyx.publicKey` was not configured, allowing unauthenticated callers to forge Telnyx events.\n\nThis only impacts deployments where the Voice Call plugin is installed, enabled, and the webhook endpoint is reachable from the attacker (for example, publicly exposed via a tunnel/proxy).\n\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected: `\u003c= 2026.2.13`\n- Fixed: `\u003e= 2026.2.14` (planned)\n\n## Details\n\nTelnyx webhooks are expected to be authenticated via Ed25519 signature verification.\n\nIn affected versions, `TelnyxProvider.verifyWebhook()` could effectively fail open when no Telnyx public key was configured, allowing arbitrary HTTP POST requests to the voice-call webhook endpoint to be treated as legitimate Telnyx events.\n\n## Fix\n\nThe fix makes Telnyx webhook verification fail closed by default and requires `telnyx.publicKey` (or `TELNYX_PUBLIC_KEY`) to be configured.\n\nA signature verification bypass exists only for local development via `skipSignatureVerification: true`, which is off by default, emits a loud startup warning, and should not be used in production.\n\nThis requirement is documented in the Voice Call plugin docs.\n\n## Fix Commit(s)\n\n- `29b587e73cbdc941caec573facd16e87d52f007b`\n- `f47584fec` (centralized verification helper + stronger tests)\n\n## Workarounds\n\n- Configure `plugins.entries.voice-call.config.telnyx.publicKey` (or `TELNYX_PUBLIC_KEY`) to enable signature verification.\n- Only for local development: set `skipSignatureVerification: true`.\n\nThanks @p80n-sec for reporting.",
"id": "GHSA-4hg8-92x6-h2f3",
"modified": "2026-02-17T21:40:47Z",
"published": "2026-02-17T21:40:46Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-4hg8-92x6-h2f3"
},
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/commit/29b587e73cbdc941caec573facd16e87d52f007b"
},
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/commit/f47584fec86d6d73f2d483043a2ad0e7e3c50411"
},
{
"type": "PACKAGE",
"url": "https://github.com/openclaw/openclaw"
},
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/releases/tag/v2026.2.14"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "OpenClaw is Missing Webhook Authentication in Telnyx Provider Allows Unauthenticated Requests"
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.