CVE Reports

Posted on • Originally published at cvereports.com

GHSA-C37P-4QQG-3P76: OpenClaw's Open Door: The 'Convenience' Flag That Bypassed Auth


Vulnerability ID: GHSA-C37P-4QQG-3P76
CVSS Score: 5.8
Published: 2026-02-18

In the world of programmable voice, verifying webhooks is critical—unless you're using OpenClaw's 'ngrok compatibility' mode. A vulnerability in the openclaw npm package allowed attackers to completely bypass Twilio signature verification by exploiting a developer convenience flag designed for local testing. By effectively telling the server 'it's okay, I'm using ngrok,' the application would skip cryptographic checks entirely, allowing unauthenticated actors to forge incoming voice calls and manipulate call flows.

TL;DR

OpenClaw introduced a configuration flag to help developers test Twilio webhooks over ngrok. Instead of fixing header validation, the flag implemented a hardcoded return true bypass for signature checks. This allows attackers to forge webhooks and trigger unauthorized voice events on affected instances.

⚠️ Exploit Status: PoC

Technical Details

  • CWE ID: CWE-347
  • Attack Vector: Network
  • CVSS Score: 5.8 (Medium)
  • Impact: Integrity Loss (Auth Bypass)
  • Exploit Status: PoC Available
  • Affected Component: webhook-security.ts

Affected Systems

  • openclaw npm package
  • OpenClaw Voice Call Extension
  • openclaw: <= 2026.2.13 (Fixed in: 2026.2.14)

Code Analysis

Commit: ff11d87

fix(voice-call): remove insecure signature bypass for ngrok compatibility

- if (isNgrokFreeTier && options?.allowNgrokFreeTierLoopbackBypass && isLoopback) { return { ok: true } }
+ // Logic changed to use headers for reconstruction instead of bypass
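Review bot: the '+' side of this hunk is only a comment placeholder, so the replacement verification path cannot be reviewed from what is shown; because the removed line accepted the request outright (`return { ok: true }`) before any signature was computed, the follow-up should confirm that the URL now reconstructed "from headers" is taken from a trusted source (an operator-configured public URL, or forwarded headers only when set by a trusted proxy) rather than from the raw Host header the caller controls, and that no other option can short-circuit the HMAC comparison. It would also be cleaner to drop `allowNgrokFreeTierLoopbackBypass` from the options type entirely, so a stale config value cannot quietly survive.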

Exploit Details

  • Internal: Proof of concept involving manual POST requests to ngrok-tunneled instances.
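As an added illustration (this is example code, not code from the openclaw project), the TypeScript below implements Twilio's documented signature check, a vulnerable wrapper modelled on the line removed in commit ff11d87, and a hardened form that rebuilds the signed URL from an operator-configured public base URL rather than from request headers. The request shape, the function names and the configured-base-URL approach are assumptions of this example and are not the project's actual fix.

```typescript
import { createHmac, timingSafeEqual } from "crypto";

// Twilio's documented scheme: HMAC-SHA1 keyed with the account auth token over
// the full public URL followed by the POST fields as key+value in sorted-key
// order; the base64 digest is sent in the X-Twilio-Signature header.
export function twilioSignature(authToken: string, url: string, params: Record<string, string>): string {
  const payload = url + Object.keys(params).sort().map((k) => k + params[k]).join("");
  return createHmac("sha1", authToken).update(payload).digest("base64");
}

// Length check first: timingSafeEqual throws on buffers of different length.
function constantTimeEqual(a: string, b: string): boolean {
  const x = Buffer.from(a), y = Buffer.from(b);
  return x.length === y.length && timingSafeEqual(x, y);
}

// Hypothetical request shape: header names lowercased, body already form-decoded.
export interface WebhookRequest {
  headers: Record<string, string>;
  pathWithQuery: string;
  params: Record<string, string>;
}

export interface VerifyOptions {
  allowNgrokFreeTierLoopbackBypass?: boolean; // the flag named in the advisory
}

// Vulnerable shape, modelled on the removed line: when a free-tier ngrok tunnel
// is detected and the flag is set, the request is accepted before any HMAC runs,
// so a forged or even absent X-Twilio-Signature passes.
export function verifyVulnerable(req: WebhookRequest, authToken: string, publicBaseUrl: string,
                                 isNgrokFreeTier: boolean, isLoopback: boolean,
                                 options?: VerifyOptions): boolean {
  if (isNgrokFreeTier && options?.allowNgrokFreeTierLoopbackBypass && isLoopback) return true;
  return verifyFixed(req, authToken, publicBaseUrl);
}

// Hardened form (an assumption of this example, not the project's fix): the URL
// Twilio signed is rebuilt from an operator-configured public base URL, never from
// caller-controlled headers, and no option exists that skips the comparison.
export function verifyFixed(req: WebhookRequest, authToken: string, publicBaseUrl: string): boolean {
  const presented = req.headers["x-twilio-signature"];
  if (!presented) return false;
  const expected = twilioSignature(authToken, publicBaseUrl + req.pathWithQuery, req.params);
  return constantTimeEqual(presented, expected);
}
```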

Mitigation Strategies

  • Disable tunnel.allowNgrokFreeTierLoopbackBypass in all environments unless actively debugging signature issues.
  • Ensure webhook endpoints are not reachable by the public internet during development unless protected by authentication.
  • Audit environment variables for insecure boolean flags.

Remediation Steps

  1. Upgrade openclaw to version 2026.2.14 immediately.
  2. Check config.ts or .env files for allowNgrokFreeTierLoopbackBypass and set it to false.
  3. Restart the OpenClaw service.

Read the full report for GHSA-C37P-4QQG-3P76 on our website for more details including interactive diagrams and full exploit analysis.