OpenClaw < 2026.2.25 - Webhook Replay Attack via Missing Durable Replay Suppression
अनुवाद हो रहा है…प्लेटफ़ॉर्म
nextcloud
घटक
nextcloud
में ठीक किया गया
2026.2.25
CVE-2026-28449 affects Nextcloud versions prior to 2026.2.25. This vulnerability stems from a lack of durable replay state for Nextcloud Talk webhook events. An attacker can exploit this to replay previously valid, signed webhook requests, potentially causing duplicate inbound message processing and impacting the integrity or availability of the system. The vulnerability was published on 2026-03-19 and a fix is available in version 2026.2.25.
प्रभाव और हमले की स्थितियाँअनुवाद हो रहा है…
The core impact of CVE-2026-28449 lies in the potential for attackers to manipulate Nextcloud Talk's webhook functionality. By capturing and replaying legitimate, signed webhook requests, an attacker can trigger duplicate processing of inbound messages. This could lead to various consequences, depending on the actions triggered by those webhooks. For example, if a webhook is configured to update user data or trigger automated workflows, replay attacks could result in incorrect data modifications, unintended actions, or denial of service. The blast radius is limited to the functionality exposed through the affected webhooks; however, the impact on individual users or processes could be significant. This vulnerability highlights the importance of replay protection mechanisms in systems that handle sensitive events.
शोषण संदर्भअनुवाद हो रहा है…
CVE-2026-28449 is not currently listed on the CISA KEV catalog. Public proof-of-concept (PoC) code is not currently available, suggesting a lower probability of immediate widespread exploitation. However, the vulnerability's nature—replaying signed requests—makes it relatively straightforward to exploit once a valid request is captured. The NVD was published on 2026-03-19.
कौन जोखिम में हैअनुवाद हो रहा है…
Organizations heavily reliant on Nextcloud Talk's webhook functionality for integrations with other services are particularly at risk. This includes those using webhooks for automated workflows, user provisioning, or real-time notifications. Environments with less stringent security controls and those that have not regularly audited their webhook configurations are also more vulnerable.
पहचान के चरणअनुवाद हो रहा है…
• nextcloud / server:
journalctl -u nextcloud -f | grep -i webhook• nextcloud / server:
find /var/www/nextcloud/apps/talk/ -name 'webhook.php' -print• nextcloud / server:
curl -s -I <your_nextcloud_url>/index.php/talk/webhooks | grep -i 'replay-attack'हमले की समयरेखा
- Disclosure
disclosure
खतरा खुफिया
एक्सप्लॉइट स्थिति
EPSS
0.06% (18% शतमक)
CISA SSVC
CVSS वेक्टर
इन मेट्रिक्स का क्या मतलब है?
- Attack Vector
- नेटवर्क — इंटरनेट के माध्यम से दूरस्थ रूप से शोषण योग्य। कोई भौतिक या स्थानीय पहुंच आवश्यक नहीं।
- Attack Complexity
- निम्न — कोई विशेष शर्त नहीं। विश्वसनीय रूप से शोषण योग्य।
- Privileges Required
- कोई नहीं — बिना प्रमाणीकरण के शोषण योग्य।
- User Interaction
- कोई नहीं — स्वचालित और मूक हमला। पीड़ित कुछ नहीं करता।
- Scope
- अपरिवर्तित — प्रभाव केवल कमज़ोर घटक तक सीमित।
- Confidentiality
- कोई नहीं — गोपनीयता पर कोई प्रभाव नहीं।
- Integrity
- निम्न — हमलावर सीमित दायरे में कुछ डेटा बदल सकता है।
- Availability
- निम्न — आंशिक या रुक-रुक कर सेवा से इनकार।
प्रभावित सॉफ्टवेयर
कमजोरी वर्गीकरण (CWE)
समयरेखा
- आरक्षित
- प्रकाशित
- संशोधित
- EPSS अद्यतन
शमन और वर्कअराउंडअनुवाद हो रहा है…
The primary mitigation for CVE-2026-28449 is to upgrade Nextcloud to version 2026.2.25 or later, which includes the fix for this replay vulnerability. If immediate upgrading is not feasible, consider implementing temporary workarounds. While a direct WAF rule is unlikely to be effective without deep inspection of webhook payloads, carefully reviewing and auditing webhook configurations is crucial. Ensure that webhooks are only triggered by trusted sources and that the actions they perform are carefully controlled. After upgrading, verify the integrity of recent Talk events by reviewing logs and confirming that no duplicate messages have been processed.
कैसे ठीक करेंअनुवाद हो रहा है…
Actualice su instancia de OpenClaw a la versión 2026.2.25 o posterior para mitigar el riesgo de ataques de repetición de webhook. Esta actualización implementa la supresión duradera de repeticiones, previniendo que los atacantes retransmitan solicitudes de webhook válidas y causen procesamiento duplicado de mensajes.
CVE सुरक्षा न्यूज़लेटर
भेद्यता विश्लेषण और गंभीर अलर्ट सीधे आपके ईमेल में।
अक्सर पूछे जाने वाले सवालअनुवाद हो रहा है…
What is CVE-2026-28449 — Webhook Replay in Nextcloud?
CVE-2026-28449 is a vulnerability in Nextcloud versions prior to 2026.2.25 that allows attackers to replay signed webhook requests, leading to duplicate message processing.
Am I affected by CVE-2026-28449 in Nextcloud?
You are affected if you are running Nextcloud versions 0.0.0–2026.2.25 and utilize Nextcloud Talk webhooks.
How do I fix CVE-2026-28449 in Nextcloud?
Upgrade Nextcloud to version 2026.2.25 or later to resolve the vulnerability.
Is CVE-2026-28449 being actively exploited?
There is no confirmed active exploitation of CVE-2026-28449 at this time, but the vulnerability is relatively easy to exploit.
Where can I find the official Nextcloud advisory for CVE-2026-28449?
Refer to the official Nextcloud security advisory for detailed information and updates: [https://nextcloud.com/security/advisories](https://nextcloud.com/security/advisories)
क्या आपका प्रोजेक्ट प्रभावित है?
अपनी डिपेंडेंसी फ़ाइल अपलोड करें और तुरंत जानें कि यह CVE और अन्य आपको प्रभावित करती हैं या नहीं।