CVE-2026-43579
Insufficient Access Control in OpenClaw Nostr Plugin
Publication date: 2026-05-06
Last updated on: 2026-05-07
Assigner: VulnCheck
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| openclaw | openclaw | up to 2026.4.10 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in OpenClaw versions before 2026.4.10, specifically in the Nostr plugin's HTTP profile routes. It is caused by insufficient access control, allowing operators who have write permissions (operator.write scope) to persist profile configuration changes without needing admin-level authority. Essentially, attackers with these write permissions can modify Nostr profile settings through unprotected mutation endpoints, enabling unauthorized persistence of configuration changes.
How can this vulnerability impact me?
The impact of this vulnerability is that an attacker with operator write permissions can make unauthorized changes to the Nostr profile configuration and have those changes persist. This could lead to unauthorized configuration modifications that might affect the behavior or security posture of the system, potentially enabling further exploitation or disruption.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves unauthorized modification of Nostr profile settings through HTTP mutation routes by users with operator.write scope but without admin authority.
To detect exploitation attempts on your network or system, monitor HTTP requests targeting the Nostr profile mutation endpoints for unauthorized access or changes.
Look for HTTP requests that attempt to update or import Nostr profiles without the required operator.admin scope.
You can use network monitoring tools or web server logs to identify such requests.
- Use tools like curl or httpie to manually test the mutation endpoints with operator.write credentials and verify whether changes are accepted without admin scope.
- Example curl command to test a profile mutation endpoint (replace the URL and token accordingly):
  `curl -X POST https://your-openclaw-instance/api/nostr/profile/mutate -H "Authorization: Bearer <operator.write_token>" -d '{"profileData": "new settings"}' -v`
- Check server logs for HTTP 403 Forbidden responses, which indicate that the fix is being enforced.
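The log review described above, as an added example that is not part of this advisory or of OpenClaw's own code: it scans constructed gateway access-log lines and flags profile mutation requests that were accepted (2xx) although the token carried only operator.write. The log format, the route paths and the scope field are assumptions; the real OpenClaw routes and log layout are not given on this page.

```python
import re
from typing import NamedTuple

# Constructed sample access-log lines (not real OpenClaw output).
# Format assumed here: "<method> <path> <status> <comma-separated scopes>"
SAMPLE_LOG = """\
POST /api/nostr/profile/update 200 operator.write
POST /api/nostr/profile/import 200 operator.write,operator.read
GET /api/nostr/profile 200 operator.write
POST /api/nostr/profile/update 200 operator.admin
POST /api/nostr/profile/update 403 operator.write
"""

# Assumed (placeholder) patterns for the Nostr profile mutation routes.
MUTATION_ROUTES = re.compile(r"^/api/nostr/profile/(update|import)$")
MUTATING_METHODS = {"POST", "PUT", "PATCH"}
REQUIRED_SCOPE = "operator.admin"  # scope the fixed version requires here


class Finding(NamedTuple):
    line_no: int
    path: str
    scopes: frozenset


def is_mutation_request(method: str, path: str) -> bool:
    """True for requests that change Nostr profile configuration."""
    return method in MUTATING_METHODS and MUTATION_ROUTES.match(path) is not None


def authorized_for_mutation(scopes) -> bool:
    """Authorization rule of the fixed version: operator.write alone is not enough."""
    return REQUIRED_SCOPE in scopes


def find_unauthorized_mutations(log_text: str) -> list:
    """Return accepted (2xx) mutation requests whose token lacked operator.admin.
    A 2xx here means the missing check was exercised; a 403 means it was enforced."""
    findings = []
    for n, line in enumerate(log_text.splitlines(), 1):
        parts = line.split()
        if len(parts) != 4:
            continue  # skip lines that do not match the assumed format
        method, path, status, scope_field = parts
        scopes = frozenset(s for s in scope_field.split(",") if s)
        if not is_mutation_request(method, path):
            continue
        if 200 <= int(status) < 300 and not authorized_for_mutation(scopes):
            findings.append(Finding(n, path, scopes))
    return findings


if __name__ == "__main__":
    for f in find_unauthorized_mutations(SAMPLE_LOG):
        print(f"line {f.line_no}: {f.path} accepted with scopes {sorted(f.scopes)}")
```

On the sample input only the first two lines are reported; the GET is not a mutation, the fourth request carried operator.admin, and the fifth was refused with 403.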
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation step is to upgrade OpenClaw to version 2026.4.10 or later, as these versions include the security fix that enforces stricter access control requiring operator.admin scope for profile mutation routes.
Until the upgrade can be applied, restrict operator.write permissions to trusted users only and monitor mutation endpoint usage closely.
Additionally, review and tighten access control policies around the Nostr plugin HTTP profile routes to prevent unauthorized configuration changes.
Ensure that your gateway server and authentication mechanisms properly propagate and enforce the required scopes.