CVE-2026-43579
Analyzed Analyzed - Analysis Complete
Insufficient Access Control in OpenClaw Nostr Plugin

Publication date: 2026-05-06

Last updated on: 2026-05-07

Assigner: VulnCheck

Description
OpenClaw before 2026.4.10 contains an insufficient access control vulnerability in Nostr plugin HTTP profile routes that allows operators with write permissions to persist profile configuration without requiring admin authority. Attackers with operator.write scope can modify Nostr profile settings through unprotected mutation endpoints to gain unauthorized configuration persistence.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-06
Last Modified
2026-05-07
Generated
2026-06-16
AI Q&A
2026-05-07
EPSS Evaluated
2026-06-14
NVD
CVE-2026-43579
EUVD
EUVD-2026-28170
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
openclaw openclaw to 2026.4.10 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Detection Guidance

This vulnerability involves unauthorized modification of Nostr profile settings through HTTP mutation routes by users with operator.write scope but without admin authority.

To detect exploitation attempts on your network or system, monitor HTTP requests targeting the Nostr profile mutation endpoints for unauthorized access or changes.

Look for HTTP requests that attempt to update or import Nostr profiles without the required operator.admin scope.

You can use network monitoring tools or web server logs to identify such requests.

  • Use tools like curl or httpie to manually test the mutation endpoints with operator.write credentials and verify if changes are accepted without admin scope.
  • Example curl command to test profile mutation endpoint (replace URL and token accordingly):
  • curl -X POST https://your-openclaw-instance/api/nostr/profile/mutate -H "Authorization: Bearer <operator.write_token>" -d '{"profileData": "new settings"}' -v
  • Check server logs for HTTP 403 Forbidden responses which indicate enforcement of the fix.
Executive Summary

This vulnerability exists in OpenClaw versions before 2026.4.10, specifically in the Nostr plugin's HTTP profile routes. It is caused by insufficient access control, allowing operators who have write permissions (operator.write scope) to persist profile configuration changes without needing admin-level authority. Essentially, attackers with these write permissions can modify Nostr profile settings through unprotected mutation endpoints, enabling unauthorized persistence of configuration changes.

Impact Analysis

The impact of this vulnerability is that an attacker with operator write permissions can make unauthorized changes to the Nostr profile configuration and have those changes persist. This could lead to unauthorized configuration modifications that might affect the behavior or security posture of the system, potentially enabling further exploitation or disruption.

Mitigation Strategies

The primary mitigation step is to upgrade OpenClaw to version 2026.4.10 or later, as these versions include the security fix that enforces stricter access control requiring operator.admin scope for profile mutation routes.

Until the upgrade can be applied, restrict operator.write permissions to trusted users only and monitor mutation endpoint usage closely.

Additionally, review and tighten access control policies around the Nostr plugin HTTP profile routes to prevent unauthorized configuration changes.

Ensure that your gateway server and authentication mechanisms properly propagate and enforce the required scopes.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-43579. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart