CVE-2026-43579
Analyzed Analyzed - Analysis Complete

Insufficient Access Control in OpenClaw Nostr Plugin

Vulnerability report for CVE-2026-43579, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-05-06

Last updated on: 2026-05-07

Assigner: VulnCheck

Description

OpenClaw before 2026.4.10 contains an insufficient access control vulnerability in Nostr plugin HTTP profile routes that allows operators with write permissions to persist profile configuration without requiring admin authority. Attackers with operator.write scope can modify Nostr profile settings through unprotected mutation endpoints to gain unauthorized configuration persistence.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-05-06
Last Modified
2026-05-07
Generated
2026-07-06
AI Q&A
2026-05-07
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
openclaw openclaw to 2026.4.10 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability exists in OpenClaw versions before 2026.4.10, specifically in the Nostr plugin's HTTP profile routes. It is caused by insufficient access control, allowing operators who have write permissions (operator.write scope) to persist profile configuration changes without needing admin-level authority. Essentially, attackers with these write permissions can modify Nostr profile settings through unprotected mutation endpoints, enabling unauthorized persistence of configuration changes.

Impact Analysis

The impact of this vulnerability is that an attacker with operator write permissions can make unauthorized changes to the Nostr profile configuration and have those changes persist. This could lead to unauthorized configuration modifications that might affect the behavior or security posture of the system, potentially enabling further exploitation or disruption.

Detection Guidance

This vulnerability involves unauthorized modification of Nostr profile settings through HTTP mutation routes by users with operator.write scope but without admin authority.

To detect exploitation attempts on your network or system, monitor HTTP requests targeting the Nostr profile mutation endpoints for unauthorized access or changes.

Look for HTTP requests that attempt to update or import Nostr profiles without the required operator.admin scope.

You can use network monitoring tools or web server logs to identify such requests.

  • Use tools like curl or httpie to manually test the mutation endpoints with operator.write credentials and verify if changes are accepted without admin scope.
  • Example curl command to test profile mutation endpoint (replace URL and token accordingly):
  • curl -X POST https://your-openclaw-instance/api/nostr/profile/mutate -H "Authorization: Bearer <operator.write_token>" -d '{"profileData": "new settings"}' -v
  • Check server logs for HTTP 403 Forbidden responses which indicate enforcement of the fix.
Mitigation Strategies

The primary mitigation step is to upgrade OpenClaw to version 2026.4.10 or later, as these versions include the security fix that enforces stricter access control requiring operator.admin scope for profile mutation routes.

Until the upgrade can be applied, restrict operator.write permissions to trusted users only and monitor mutation endpoint usage closely.

Additionally, review and tighten access control policies around the Nostr plugin HTTP profile routes to prevent unauthorized configuration changes.

Ensure that your gateway server and authentication mechanisms properly propagate and enforce the required scopes.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-43579. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart