Missing Authentication for Critical Function in OpenClaw - #VU125259

Published: April 8, 2026


Vulnerability identifier: #VU125259
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: N/A
CWE-ID: CWE-306
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: OpenClaw
Affected software:
OpenClaw

Detailed vulnerability description

The vulnerability allows a remote attacker to cause a limited denial of service.

The vulnerability exists because the Nostr DM ingress path acts on an inbound direct message before its signature has been verified (CWE-306: the authentication check runs after, not before, the work it is meant to gate). A remote attacker can send a forged DM, one whose signature does not validate for the claimed sender key, and have it processed as if it were authentic up to the point where verification fails.

The forged message can create a pending pairing entry and trigger bounded relay and logging work, which is the denial-of-service impact. It does not grant message decryption, pairing approval, or any broader authorization bypass.
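As an added example (not OpenClaw's code, and not a reproduction of the real ingress path), the following Python shows the flawed ordering beside the fixed one: a toy Nostr DM ingress that, in `verify_first=False` mode, logs the message and creates a pending pairing entry before checking the signature, and in `verify_first=True` mode checks first and drops forgeries with no side effects. Event layout follows NIP-01 (id is sha256 over `[0, pubkey, created_at, kind, tags, content]`, `sig` is a BIP-340 Schnorr signature over the id). The names `handle_dm`, `make_dm`, `forge_dm`, `is_authentic` and the `state` dictionary are assumptions for this example; the secp256k1/BIP-340 routines are a minimal pure-Python implementation included only so the block runs offline, not something to use in production.

```python
# Added example, not OpenClaw code: a toy Nostr DM ingress showing work done
# before signature verification (the flaw) beside verify-first (the fix).
# Pure-Python secp256k1/BIP-340 so it runs offline; use a real library in prod.
import hashlib
import json

_P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
_G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
      0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def _tagged_hash(tag, data):  # BIP-340 tagged hash: sha256(sha256(tag)||sha256(tag)||data)
    t = hashlib.sha256(tag.encode()).digest()
    return hashlib.sha256(t + t + data).digest()

def _add(a, b):  # affine point addition; None is the point at infinity
    if a is None or b is None:
        return b if a is None else a
    if a[0] == b[0] and (a[1] + b[1]) % _P == 0:
        return None
    if a == b:
        lam = 3 * a[0] * a[0] * pow(2 * a[1], -1, _P) % _P
    else:
        lam = (b[1] - a[1]) * pow(b[0] - a[0], -1, _P) % _P
    x = (lam * lam - a[0] - b[0]) % _P
    return (x, (lam * (a[0] - x) - a[1]) % _P)

def _mul(pt, k):  # double-and-add scalar multiplication
    r = None
    while k:
        if k & 1:
            r = _add(r, pt)
        pt = _add(pt, pt)
        k >>= 1
    return r

def _lift_x(x):  # x-only public key -> curve point with even y (BIP-340)
    y_sq = (pow(x, 3, _P) + 7) % _P
    y = pow(y_sq, (_P + 1) // 4, _P)
    if x >= _P or y * y % _P != y_sq:
        return None
    return (x, y if y % 2 == 0 else _P - y)

def schnorr_sign(sk, msg, aux=b"\x00" * 32):
    d = int.from_bytes(sk, "big")
    pub = _mul(_G, d)
    d = d if pub[1] % 2 == 0 else _N - d  # private key for the even-y public point
    pk = pub[0].to_bytes(32, "big")
    t = bytes(x ^ y for x, y in zip(d.to_bytes(32, "big"), _tagged_hash("BIP0340/aux", aux)))
    k = int.from_bytes(_tagged_hash("BIP0340/nonce", t + pk + msg), "big") % _N
    rp = _mul(_G, k)
    k = k if rp[1] % 2 == 0 else _N - k  # nonce for the even-y R
    r = rp[0].to_bytes(32, "big")
    e = int.from_bytes(_tagged_hash("BIP0340/challenge", r + pk + msg), "big") % _N
    return r + ((k + e * d) % _N).to_bytes(32, "big")

def schnorr_verify(pk, msg, sig):
    pub = _lift_x(int.from_bytes(pk, "big"))
    r, s = int.from_bytes(sig[:32], "big"), int.from_bytes(sig[32:], "big")
    if len(sig) != 64 or pub is None or r >= _P or s >= _N:
        return False
    e = int.from_bytes(_tagged_hash("BIP0340/challenge", sig[:32] + pk + msg), "big") % _N
    rp = _add(_mul(_G, s), _mul(pub, _N - e))  # s*G - e*P
    return rp is not None and rp[1] % 2 == 0 and rp[0] == r

def event_id(ev):  # NIP-01 event id: sha256 over the compact JSON array
    body = [0, ev["pubkey"], ev["created_at"], ev["kind"], ev["tags"], ev["content"]]
    return hashlib.sha256(json.dumps(body, separators=(",", ":"), ensure_ascii=False).encode()).digest()

def make_dm(sk, content, created_at=1700000000):  # honest sender: signs with its own key
    ev = {"pubkey": _mul(_G, int.from_bytes(sk, "big"))[0].to_bytes(32, "big").hex(),
          "created_at": created_at, "kind": 4, "tags": [], "content": content}
    ev["id"] = event_id(ev).hex()
    ev["sig"] = schnorr_sign(sk, event_id(ev)).hex()
    return ev

def forge_dm(pubkey_hex, content, created_at=1700000000):  # attacker: claims a key it lacks
    ev = {"pubkey": pubkey_hex, "created_at": created_at, "kind": 4, "tags": [], "content": content}
    ev["id"] = event_id(ev).hex()
    ev["sig"] = "00" * 64  # no valid signature is possible without the private key
    return ev

def is_authentic(ev):  # id must match the content and sig must verify under pubkey
    return event_id(ev).hex() == ev["id"] and schnorr_verify(
        bytes.fromhex(ev["pubkey"]), bytes.fromhex(ev["id"]), bytes.fromhex(ev["sig"]))

def handle_dm(ev, state, verify_first):
    """state = {"pending": {}, "log": []}; verify_first=False is the flawed ordering."""
    if verify_first and not is_authentic(ev):
        return False  # fixed: dropped before any state change or logging
    state["log"].append("dm from " + ev["pubkey"][:8])  # the relay/logging work
    state["pending"].setdefault(ev["pubkey"], ev["id"])  # the pending pairing entry
    if not verify_first and not is_authentic(ev):
        return False  # flawed: forgery rejected, but it already cost work and state
    return True
```

Running a forged DM through both orderings makes the difference concrete: the flawed path returns False but leaves a pending pairing entry and a log line behind for a sender that never proved key possession, while the fixed path leaves `state` untouched. The same `is_authentic` check also rejects a real message whose content was altered after signing, because the recomputed id no longer matches.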


Remediation

Install security update from vendor's website.