CVE-2026-41301

Name of the Vulnerable Software and Affected Versions OpenClaw versions 2026.3.22 through 2026.3.30

Description A signature verification bypass exists in the Nostr DM ingress path, allowing pairing challenges to be issued before event signature validation. An unauthenticated remote attacker can send forged direct messages to create pending pairing entries and trigger pairing-reply attempts. This can lead to the consumption of shared pairing capacity and trigger bounded relay and logging work on the Nostr channel. This issue does not grant message decryption, pairing approval, or broader authorization bypass.

Recommendations Update to version 2026.3.31 or later.