diff --git a/CHANGELOG.md b/CHANGELOG.md index 2bb1fa03346..5ac0835af3e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3101,7 +3101,6 @@ Docs: https://docs.openclaw.ai - Agents/reply context: label replied-to messages as the current user message target in model-visible metadata, so short replies are grounded to their explicit reply target instead of nearby chat history. (#76817) Thanks @obviyus. - Doctor/plugins: install configured missing official plugins such as Discord and Brave during doctor/update repair, auto-enable repaired provider plugins, preserve config when a download fails, and stop auto-enable from inventing plugin entries when no manifest declares a configured channel. Fixes #76872. Thanks @jack-stormentswe. - Agents/CLI runner: bridge in-flight assistant agent events into the shared `onPartialReply` callback so CLI backends (Anthropic Max plan via `claude-cli`, Codex CLI, etc.) drive the same Telegram and channel preview path the native API path uses, instead of silently delivering only the final assembled message. Fixes #76869. Thanks @jack-stormentswe. -- WhatsApp: strip control characters and CRLF from outbound document `fileName` to prevent header injection from attacker-controlled filenames. (#77114) Thanks @masatohoshino. ## 2026.5.2 diff --git a/extensions/whatsapp/src/document-filename.test.ts b/extensions/whatsapp/src/document-filename.test.ts index e5f425c07f9..c7221344eb4 100644 --- a/extensions/whatsapp/src/document-filename.test.ts +++ b/extensions/whatsapp/src/document-filename.test.ts @@ -14,7 +14,7 @@ describe("resolveWhatsAppDocumentFileName", () => { it("strips C0 control characters and DEL from fileName", () => { expect( resolveWhatsAppDocumentFileName({ - fileName: "\x00evil\x1f.pdf", + fileName: "\x00evil\x1f\x7f.pdf", mimetype: "application/pdf", }), ).toBe("evil.pdf");
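Review bot: The CHANGELOG.md hunk at `-3101,7 +3101,6` deletes the WhatsApp `fileName` sanitization entry (#77114) and adds it nowhere else in the visible diff, while the test change in `document-filename.test.ts` shows the stripping behaviour is still present. If the entry is being moved to a different release section, include that addition in the same commit. Otherwise keep the line so the header-injection fix stays documented for anyone who reads the changelog to decide on an upgrade.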
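Review bot: In the "strips C0 control characters and DEL from fileName" test, the new input `"\x00evil\x1f\x7f.pdf"` now exercises DEL, but all three characters share one assertion and nothing checks the characters next to the stripped range. Consider one table-driven case per character, plus an assertion that printable boundary characters such as `\x20` and `\x7e` are preserved, so that an off-by-one or over-broad strip range fails the test. The changelog line removed in this same diff also names CRLF. If no other case in this file covers `\r\n`, add it here.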