#VU125259 Missing Authentication for Critical Function in OpenClaw

Published: April 8, 2026


Vulnerability identifier: #VU125259
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: N/A
CWE-ID: CWE-306
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: OpenClaw
Software vendor: OpenClaw

Description

The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to improper access control in the Nostr DM ingress path: incoming direct messages are processed before their signatures are verified, so forged messages reach that processing. A remote attacker can send a forged DM to cause a denial of service.

The issue can create a pending pairing entry and trigger bounded relay and logging work, but it does not grant message decryption, pairing approval, or broader authorization bypass.
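The defect described above is one of ordering: state is created and relay/logging work is performed before the sender has been authenticated. The example below is added here and is not OpenClaw's code. It models a DM ingress handler in both orderings so that the difference can be exercised: the vulnerable handler records a pending pairing entry and does relay work for any message, the fixed one verifies the signature first and touches no state on failure. Assumptions: the `DMEvent`, `Ingress`, `HandleVulnerable` and `HandleFixed` names are hypothetical, and ed25519 from the Go standard library stands in for Nostr's BIP-340 schnorr signature, which the standard library does not provide.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"fmt"
)

// DMEvent is a constructed stand-in for a Nostr direct-message event.
// The real protocol signs with BIP-340 schnorr over secp256k1; ed25519 is
// used here so the example runs offline with only the standard library.
type DMEvent struct {
	PubKey  ed25519.PublicKey // claimed sender
	Content []byte            // message payload
	Sig     []byte            // signature over Content
}

// Ingress models the state a DM handler mutates: pending pairing entries
// keyed by sender public key, and a counter of relay/logging work performed.
type Ingress struct {
	Pending   map[string]bool
	RelayWork int
}

func NewIngress() *Ingress { return &Ingress{Pending: map[string]bool{}} }

// verify checks the event signature against the claimed sender key.
// Length checks come first because ed25519.Verify panics on a bad key size.
func verify(ev DMEvent) bool {
	if len(ev.PubKey) != ed25519.PublicKeySize || len(ev.Sig) != ed25519.SignatureSize {
		return false
	}
	return ed25519.Verify(ev.PubKey, ev.Content, ev.Sig)
}

// HandleVulnerable reproduces the ordering named in the advisory: the pairing
// entry and relay work happen before the signature is checked, so a forged
// message still consumes state and work even though it is finally rejected.
func (in *Ingress) HandleVulnerable(ev DMEvent) bool {
	in.Pending[hex.EncodeToString(ev.PubKey)] = true
	in.RelayWork++
	return verify(ev)
}

// HandleFixed authenticates first; unauthenticated input mutates nothing.
func (in *Ingress) HandleFixed(ev DMEvent) bool {
	if !verify(ev) {
		return false
	}
	in.Pending[hex.EncodeToString(ev.PubKey)] = true
	in.RelayWork++
	return true
}

// GenerateSender creates a constructed sender key pair.
func GenerateSender() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// NewSignedDM builds a message correctly signed by its sender.
func NewSignedDM(priv ed25519.PrivateKey, content string) DMEvent {
	pub := priv.Public().(ed25519.PublicKey)
	return DMEvent{PubKey: pub, Content: []byte(content), Sig: ed25519.Sign(priv, []byte(content))}
}

// NewForgedDM builds a message that claims one sender but carries a
// signature made with an unrelated key, so verification must fail.
func NewForgedDM(claimed ed25519.PublicKey, content string) DMEvent {
	_, other := GenerateSender()
	return DMEvent{PubKey: claimed, Content: []byte(content), Sig: ed25519.Sign(other, []byte(content))}
}

func main() {
	pub, priv := GenerateSender()
	forged := NewForgedDM(pub, "pairing request")

	vuln := NewIngress()
	fmt.Printf("vulnerable: accepted=%v pending=%d work=%d\n",
		vuln.HandleVulnerable(forged), len(vuln.Pending), vuln.RelayWork)

	fixed := NewIngress()
	fmt.Printf("fixed, forged: accepted=%v pending=%d work=%d\n",
		fixed.HandleFixed(forged), len(fixed.Pending), fixed.RelayWork)
	fmt.Printf("fixed, genuine: accepted=%v pending=%d work=%d\n",
		fixed.HandleFixed(NewSignedDM(priv, "pairing request")), len(fixed.Pending), fixed.RelayWork)
}
```

The detection angle follows from the same model: a pending-pairing count or relay-work counter that grows while the signature-verification success count stays flat is the signal that unauthenticated messages are reaching post-verification work.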


Remediation

Install the security update from the vendor's website.

External links