CVE-2026-41301
Status: Received - Intake
Signature Verification Bypass in OpenClaw Nostr DM Enables Resource Exhaustion

Publication date: 2026-04-21

Last updated on: 2026-04-27

Assigner: VulnCheck

Description
OpenClaw versions from 2026.3.22 up to, but not including, 2026.3.31 contain a signature verification bypass in the Nostr DM ingress path: pairing challenges are issued before the inbound event's signature is validated. An unauthenticated remote attacker can therefore send forged direct messages (events whose claimed sender pubkey and signature have never been checked) that create pending pairing entries and trigger pairing-reply attempts, consuming the shared pairing capacity and causing a bounded amount of relay and logging work on the Nostr channel for each forged message.
Meta Information
Published: 2026-04-21
Last Modified: 2026-04-27
Generated: 2026-05-06
AI Q&A: 2026-04-21
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Vendor: openclaw
Product: openclaw
Version / Range: up to 2026.3.31 (excluding). The CPE range states no lower bound; the description gives 2026.3.22 as the first affected version.
CWE
CWE-347 (Improper Verification of Cryptographic Signature): The product does not verify, or incorrectly verifies, the cryptographic signature for data.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-41301 affects the Nostr direct message (DM) ingress path of OpenClaw versions 2026.3.22 up to, but not including, 2026.3.31. In those versions a received DM could cause a pending pairing entry to be created and a pairing reply to be attempted before the event's signature had been verified, so an unauthenticated remote attacker could have forged DMs acted upon simply by claiming any sender pubkey and attaching a signature that was never checked.

The root cause is ordering: the pairing challenge (a state change plus an outbound reply) ran ahead of the cryptographic check that should gate it. Forged messages could therefore create pairing entries and trigger replies even though their senders could never complete pairing.

The fix enforces cryptographic verification of inbound DM event signatures before any pairing or authorization side effect, adjusts when sender authorization happens so that it no longer precedes that verification, and strengthens the rate limiting and replay protection on the channel.


How can this vulnerability impact me?

An unauthenticated remote attacker can send forged direct messages that create pending pairing entries and trigger pairing-reply attempts on the Nostr channel, without holding any key the affected OpenClaw instance trusts.

Each forged message consumes shared pairing capacity and causes a bounded amount of relay traffic (the pairing reply) and log output. Enough of them can exhaust the pairing capacity, so legitimate pairing requests can be crowded out, and degrade the channel's performance.

The vulnerability does not allow message decryption, pairing approval, or any broader authorization bypass: the attacker gains no access to protected data or functions. The impact is availability of the pairing flow and resource consumption on the Nostr channel.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

The reliable check is the version: confirm whether the installed OpenClaw falls in the affected range (2026.3.22 up to, but not including, 2026.3.31). Specific commands are not provided in the available resources.

For signs of exploitation, look at the Nostr channel's pairing state and logs: bursts of pending pairing entries or pairing-reply attempts from sender pubkeys that never complete pairing, pairing capacity filling up without corresponding user activity, and, on a fixed version, inbound DM events being rejected for failed signature verification. Because a forged event can claim any sender pubkey, a burst of pairing activity attributed to a known contact is not by itself evidence that the contact sent anything.


What immediate steps should I take to mitigate this vulnerability?

Upgrade OpenClaw to version 2026.3.31 or later, where the vulnerability is fixed.

The fix enforces cryptographic verification of inbound DM event signatures before any pairing or authorization side effect occurs, so a forged message can no longer create a pending pairing entry or trigger a reply. It also adds improved rate limiting and replay protection to bound the resource cost of repeated or oversized forged messages.

Until the upgrade is applied, restrict inbound DM traffic at the transport level (for example, which relays the instance accepts DMs from) and monitor pairing activity. A sender allow-list applied before signature verification is not an effective stopgap, because the sender pubkey of a forged event is attacker-chosen; the check that matters is the one the fix adds.
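The ordering the fix describes, as an added Python model written for this page (it is not OpenClaw's code, whose internals the page does not show): a genuine Nostr event is built per NIP-01 (id = sha256 of the canonical serialization, sig = BIP-340 Schnorr over the id) and checked with a from-scratch secp256k1 implementation that a real deployment would replace with a vetted library, and a small `PairingInbox` processes DMs either in the flawed order (reserve a pairing slot and send the challenge, then check the signature) or in the hardened order (replay check, per-sender rate limit, signature check, and only then any side effect). The pairing capacity, the per-sender limit, kind-4 DM events, the `SECKEY` demo key, the constructed forged events and the names `PairingInbox`, `verify_event` and `simulate` are all assumptions of the example.

```python
import hashlib, json
# Standard secp256k1 constants; Nostr (NIP-01) signs event ids with BIP-340 Schnorr on this curve.
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def _add(a, b):  # affine point addition; None is the point at infinity
    if a is None or b is None:
        return a or b
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    lam = (3 * x1 * x1 * pow(2 * y1, -1, P) if a == b else (y2 - y1) * pow(x2 - x1, -1, P)) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P
def _mul(k, pt):  # double-and-add scalar multiplication
    r = None
    while k:
        r, pt, k = (_add(r, pt) if k & 1 else r), _add(pt, pt), k >> 1
    return r
def _th(tag, data):  # BIP-340 tagged hash, returned as an integer
    t = hashlib.sha256(tag.encode()).digest()
    return int.from_bytes(hashlib.sha256(t + t + data).digest(), "big")
def _lift_x(x):  # BIP-340 lift_x: the curve point with this x and even y, or None
    y = pow((x * x * x + 7) % P, (P + 1) // 4, P)
    if x >= P or (y * y - x * x * x - 7) % P:
        return None
    return x, y if y % 2 == 0 else P - y

def schnorr_sign(d, msg):  # BIP-340 signing with all-zero aux randomness (demo only)
    pk = _mul(d, G)
    d = d if pk[1] % 2 == 0 else N - d
    px = pk[0].to_bytes(32, "big")
    t = (d ^ _th("BIP0340/aux", bytes(32))).to_bytes(32, "big")
    k = _th("BIP0340/nonce", t + px + msg) % N
    R = _mul(k, G)
    k = k if R[1] % 2 == 0 else N - k
    rx = R[0].to_bytes(32, "big")
    return rx + ((k + _th("BIP0340/challenge", rx + px + msg) % N * d) % N).to_bytes(32, "big")
def schnorr_verify(px, msg, sig):  # BIP-340 verification; px is the 32-byte x-only pubkey
    pk = _lift_x(int.from_bytes(px, "big"))
    r, s = int.from_bytes(sig[:32], "big"), int.from_bytes(sig[32:], "big")
    if len(sig) != 64 or pk is None or r >= P or s >= N:
        return False
    e = _th("BIP0340/challenge", sig[:32] + px + msg) % N
    R = _add(_mul(s, G), _mul(N - e, pk))
    return R is not None and R[1] % 2 == 0 and R[0] == r

def event_id(ev):  # NIP-01: sha256 over the canonical JSON serialization of the event
    ser = [0, ev["pubkey"], ev["created_at"], ev["kind"], ev["tags"], ev["content"]]
    return hashlib.sha256(json.dumps(ser, separators=(",", ":"), ensure_ascii=False).encode()).hexdigest()
def verify_event(ev):  # the id must match the body and the sig must verify over the id
    return event_id(ev) == ev["id"] and schnorr_verify(
        bytes.fromhex(ev["pubkey"]), bytes.fromhex(ev["id"]), bytes.fromhex(ev["sig"]))

SECKEY = 0xB7E151628AED2A6ABF7158809CF4F3C762E7160F38B4DA56A784D9045190CFEF  # demo key only
def make_event(d, content):  # genuine DM from the holder of d (kind 4 assumed for the demo)
    px = _mul(d, G)[0].to_bytes(32, "big").hex()
    ev = {"pubkey": px, "created_at": 1700000000, "kind": 4, "tags": [], "content": content}
    ev["id"] = event_id(ev)
    ev["sig"] = schnorr_sign(d, bytes.fromhex(ev["id"])).hex()
    return ev
def forged_event(i):  # constructed attacker DM: invented sender pubkey, 64 bytes of junk as the sig
    fake = hashlib.sha256(b"forged-%d" % i).hexdigest()
    ev = {"pubkey": fake, "created_at": 1700000000, "kind": 4, "tags": [], "content": "pair me"}
    ev["id"], ev["sig"] = event_id(ev), fake + fake
    return ev

class PairingInbox:  # model of the DM ingress path; strict=False reproduces the flawed ordering
    def __init__(self, strict=True, capacity=3, per_sender=2):
        self.strict, self.capacity, self.per_sender = strict, capacity, per_sender
        self.pending, self.seen, self.count = {}, set(), {}  # pairing slots, replay set, rate counters

    def _challenge(self, ev):  # side effect: take a shared pairing slot and send a pairing reply
        if ev["pubkey"] not in self.pending and len(self.pending) >= self.capacity:
            return False
        self.pending[ev["pubkey"]] = ev["id"]
        return True

    def handle(self, ev):
        if not self.strict:  # flawed ordering: side effect first, signature check afterwards
            if not self._challenge(ev):
                return "capacity"
            return "challenged" if verify_event(ev) else "rejected-late"  # slot already spent
        if ev["id"] in self.seen:
            return "replay"
        if self.count.get(ev["pubkey"], 0) >= self.per_sender:
            return "rate-limited"
        if not verify_event(ev):  # cryptographic check runs before any state change
            return "rejected"
        self.seen.add(ev["id"])  # only verified events enter the replay set and rate counters
        self.count[ev["pubkey"]] = self.count.get(ev["pubkey"], 0) + 1
        return "challenged" if self._challenge(ev) else "capacity"

def simulate(strict, forged=5):  # deliver forged DMs, then one genuine one
    inbox = PairingInbox(strict=strict)
    outcomes = [inbox.handle(forged_event(i)) for i in range(forged)]
    return outcomes, inbox.handle(make_event(SECKEY, "hello")), len(inbox.pending)
```

`simulate(False)` shows five forged DMs filling all three pairing slots before the genuine DM arrives, so the genuine one is turned away with "capacity" even though every forged signature eventually fails; `simulate(True)` rejects each forged DM without touching any state and the genuine DM is challenged. Because only verified events enter the replay set and the per-sender counters, forged events cannot be used to lock a real sender out of pairing either.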


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The provided information does not specify any direct impact of CVE-2026-41301 on compliance with common standards and regulations such as GDPR or HIPAA.

