Tag
OpenClaw before 2026.3.28 is vulnerable to webhook replay attacks due to improper signature verification, allowing attackers to reorder query parameters and trigger duplicate voice-call processing.