GHSA-C37P-4QQG-3P76

Vulnerability from github – Published: 2026-02-18 00:54 – Updated: 2026-02-18 00:54
VLAI?
Summary
OpenClaw Twilio voice-call webhook auth bypass when ngrok loopback compatibility is enabled
Details

Summary

A Twilio webhook signature-verification bypass in the voice-call extension could allow unauthenticated webhook requests when a specific ngrok free-tier compatibility option is enabled.

Impact

This issue is limited to configurations that explicitly enable and expose the voice-call webhook endpoint.

Not affected by default: - The voice-call extension is optional and disabled by default. - The bypass only applied when tunnel.allowNgrokFreeTierLoopbackBypass was explicitly enabled. - Exploitation required the webhook to be reachable (typically via a public ngrok URL during development).

Worst case (when exposed and the option was enabled): - An external attacker could send forged requests to the publicly reachable webhook endpoint that would be accepted without a valid X-Twilio-Signature. - This could result in unauthorized webhook event handling (integrity) and request flooding (availability).

Affected Packages / Versions

  • Package: openclaw (npm)
  • Affected versions: <= 2026.2.13 (latest published as of 2026-02-14)
  • Patched versions: >= 2026.2.14 (planned next release; pending publish)

Fix

allowNgrokFreeTierLoopbackBypass no longer bypasses signature verification. It only enables trusting forwarded headers on loopback so the public ngrok URL can be reconstructed for correct signature validation.

Fix commit(s): - ff11d8793b90c52f8d84dae3fbb99307da51b5c9

Thanks @p80n-sec for reporting.

Severity ?
6.5 (Medium)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Show details on source website
To clipboard 

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "openclaw"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2026.2.14"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-306"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-02-18T00:54:48Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "## Summary\n\nA Twilio webhook signature-verification bypass in the voice-call extension could allow unauthenticated webhook requests when a specific ngrok free-tier compatibility option is enabled.\n\n## Impact\n\nThis issue is limited to configurations that explicitly enable and expose the voice-call webhook endpoint.\n\nNot affected by default:\n- The voice-call extension is optional and disabled by default.\n- The bypass only applied when `tunnel.allowNgrokFreeTierLoopbackBypass` was explicitly enabled.\n- Exploitation required the webhook to be reachable (typically via a public ngrok URL during development).\n\nWorst case (when exposed and the option was enabled):\n- An external attacker could send forged requests to the publicly reachable webhook endpoint that would be accepted without a valid `X-Twilio-Signature`.\n- This could result in unauthorized webhook event handling (integrity) and request flooding (availability).\n\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected versions: `\u003c= 2026.2.13` (latest published as of 2026-02-14)\n- Patched versions: `\u003e= 2026.2.14` (planned next release; pending publish)\n\n## Fix\n\n`allowNgrokFreeTierLoopbackBypass` no longer bypasses signature verification. It only enables trusting forwarded headers on loopback so the public ngrok URL can be reconstructed for correct signature validation.\n\nFix commit(s):\n- ff11d8793b90c52f8d84dae3fbb99307da51b5c9\n\nThanks @p80n-sec for reporting.",
  "id": "GHSA-c37p-4qqg-3p76",
  "modified": "2026-02-18T00:54:48Z",
  "published": "2026-02-18T00:54:48Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-c37p-4qqg-3p76"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/commit/ff11d8793b90c52f8d84dae3fbb99307da51b5c9"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/openclaw/openclaw"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.2.14"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "OpenClaw Twilio voice-call webhook auth bypass when ngrok loopback compatibility is enabled"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.