PT-2026-38234 · Openclaw · Openclaw
Peng Zhou
·
Published
2026-05-06
·
Updated
2026-05-07
·
CVE-2026-43579
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
OpenClaw versions prior to 2026.4.10
Description
Insufficient access control in the Nostr plugin HTTP profile routes allows operators with write permissions to persist profile configuration without requiring admin authority. Attackers with
operator.write scope can modify Nostr profile settings through unprotected mutation endpoints to gain unauthorized configuration persistence.Recommendations
Update to version 2026.4.10.
Fix
Missing Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Openclaw