Openclaw · Openclaw · CVE-2026-35627
Name of the Vulnerable Software and Affected Versions
OpenClaw versions prior to 2026.3.22
Description
OpenClaw before version 2026.3.22 performs cryptographic and dispatch operations on inbound Nostr direct messages before validating sender and pairing policies. Attackers can trigger unauthorized pre-authentication computation by sending crafted direct messages, leading to denial of service through resource exhaustion.
Recommendations
Update to version 2026.3.22 or later.