Vulnerability Description
OpenClaw versions prior to 2026.2.12 with the optional Nostr plugin enabled expose unauthenticated HTTP endpoints at /api/channels/nostr/:accountId/profile and /api/channels/nostr/:accountId/profile/import that allow reading and modifying Nostr profiles without gateway authentication. Remote attackers can exploit these endpoints to read sensitive profile data, modify Nostr profiles, persist malicious changes to gateway configuration, and publish signed Nostr events using the bot's private key when the gateway HTTP port is accessible beyond localhost.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Openclaw | Openclaw | < 2026.2.12 |
Related Weaknesses (CWE)
References
- https://github.com/openclaw/openclaw/commit/647d929c9d0fd114249230d939a5cb3b36dcPatch
- https://github.com/openclaw/openclaw/security/advisories/GHSA-mv9j-6xhh-g383Vendor Advisory
- https://www.vulncheck.com/advisories/openclaw-unauthenticated-profile-tampering-Third Party Advisory
FAQ
What is CVE-2026-28450?
CVE-2026-28450 is a vulnerability with a CVSS score of 6.8 (MEDIUM). OpenClaw versions prior to 2026.2.12 with the optional Nostr plugin enabled expose unauthenticated HTTP endpoints at /api/channels/nostr/:accountId/profile and /api/channels/nostr/:accountId/profile/i...
How severe is CVE-2026-28450?
CVE-2026-28450 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-28450?
Check the references section above for vendor advisories and patch information. Affected products include: Openclaw Openclaw.