CVE-2026-28450 Overview
CVE-2026-28450 is a Missing Authentication for Critical Function (CWE-306) vulnerability affecting OpenClaw versions prior to 2026.2.12. When the optional Nostr plugin is enabled, the application exposes unauthenticated HTTP endpoints at /api/channels/nostr/:accountId/profile and /api/channels/nostr/:accountId/profile/import that allow reading and modifying Nostr profiles without gateway authentication. Remote attackers can exploit these endpoints to read sensitive profile data, modify Nostr profiles, persist malicious changes to gateway configuration, and publish signed Nostr events using the bot's private key when the gateway HTTP port is accessible beyond localhost.
Critical Impact
Unauthenticated remote attackers can read sensitive Nostr profile data, tamper with gateway configurations, and sign/publish malicious Nostr events using the compromised bot's private key, potentially leading to full account impersonation and persistent backdoor access.
Affected Products
- OpenClaw versions prior to 2026.2.12 with Nostr plugin enabled
- OpenClaw installations where gateway HTTP port is accessible beyond localhost
Discovery Timeline
- 2026-03-05 - CVE-2026-28450 published to NVD
- 2026-03-05 - Last updated in NVD database
Technical Details for CVE-2026-28450
Vulnerability Analysis
This vulnerability stems from Missing Authentication for Critical Function (CWE-306) in the Nostr plugin's HTTP endpoint handlers. The OpenClaw gateway exposes API routes for managing Nostr channel profiles without requiring any form of authentication, creating a significant authorization bypass condition.
When the Nostr plugin is enabled, the gateway HTTP server registers endpoints for profile management operations. These endpoints process incoming requests without validating that the caller possesses valid credentials such as a device token, settings token, or password. An attacker with network access to the gateway's HTTP port can directly interact with these APIs to extract profile information, inject malicious profile data, and leverage the bot's cryptographic identity to sign and broadcast unauthorized Nostr events.
The attack surface is particularly concerning for deployments where the gateway HTTP service is bound to network interfaces accessible from untrusted networks rather than restricted to localhost.
Root Cause
The root cause is the absence of authentication middleware on the Nostr profile API routes. The vulnerable code paths in src/gateway/server-http.ts and ui/src/ui/app-channels.ts did not enforce credential validation before processing profile read and import operations. The fix introduces proper authorization header handling, requiring a valid Bearer token (device token, settings token, or password) before permitting access to these sensitive endpoints.
Attack Vector
The vulnerability is exploitable over the network without authentication or user interaction. An attacker who can reach the OpenClaw gateway HTTP port can send crafted HTTP requests to the vulnerable endpoints. The attack vector involves:
- Identifying an exposed OpenClaw gateway with the Nostr plugin enabled
- Sending HTTP GET requests to /api/channels/nostr/:accountId/profile to exfiltrate profile data
- Sending HTTP POST requests to /api/channels/nostr/:accountId/profile/import to inject malicious profile configurations
- Using the compromised bot's private key to sign and publish unauthorized Nostr events
The following patch snippet from ui/src/ui/app-channels.ts demonstrates the authentication fix that was implemented:
// Resolve the credential the UI presents to the gateway as a Bearer token,
// in order of preference: device token, then settings token, then password.
function resolveGatewayHttpAuthHeader(host: OpenClawApp): string | null {
  const deviceToken = host.hello?.auth?.deviceToken?.trim();
  if (deviceToken) {
    return `Bearer ${deviceToken}`;
  }
  const token = host.settings.token.trim();
  if (token) {
    return `Bearer ${token}`;
  }
  const password = host.password.trim();
  if (password) {
    return `Bearer ${password}`;
  }
  return null;
}

// Build the header map for gateway HTTP calls; empty when no credential is configured.
function buildGatewayHttpHeaders(host: OpenClawApp): Record<string, string> {
  const authorization = resolveGatewayHttpAuthHeader(host);
  return authorization ? { Authorization: authorization } : {};
}
Source: GitHub Commit Update
Detection Methods for CVE-2026-28450
Indicators of Compromise
- Unexpected HTTP requests to /api/channels/nostr/:accountId/profile endpoints from external IP addresses
- Unauthorized modifications to Nostr profile configurations in gateway logs
- Anomalous Nostr events published using the bot's identity that were not initiated by authorized users
- HTTP access logs showing requests to Nostr profile endpoints without valid Authorization headers
Detection Strategies
- Monitor gateway HTTP access logs for requests to /api/channels/nostr/*/profile and /api/channels/nostr/*/profile/import endpoints
- Implement network-level monitoring for connections to the gateway HTTP port from untrusted sources
- Alert on Nostr profile configuration changes that occur outside of expected administrative windows
- Deploy web application firewall (WAF) rules to detect and block unauthorized access attempts to sensitive API endpoints
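To make the first two detection strategies concrete, here is an added TypeScript example, constructed for this page and not OpenClaw's own tooling, that parses a constructed access-log format and reports requests to the Nostr profile endpoints that arrive without an Authorization header or from a non-loopback address. It additionally flags an unauthenticated request that returned a 2xx status, which on an unpatched build is the signature of the bypass succeeding. The log format, the sample lines and all function names are assumptions; adapt the parser to the gateway's real logging.

```typescript
// Added example (not OpenClaw's code): detection logic over constructed
// gateway access-log lines, implementing the indicators in this advisory.

interface AccessLogEntry {
  sourceIp: string;
  method: string;
  path: string;
  status: number;
  hasAuthorization: boolean;
}

interface Finding {
  line: number;
  sourceIp: string;
  path: string;
  reasons: string[];
}

// The two endpoints named in the advisory, with an optional query string.
const NOSTR_PROFILE_PATH = /^\/api\/channels\/nostr\/[^/]+\/profile(\/import)?(\?.*)?$/;

// Constructed log format (an assumption): <ip> <method> <path> <status> auth=<yes|no>
const LOG_LINE = /^(\S+)\s+([A-Z]+)\s+(\S+)\s+(\d{3})\s+auth=(yes|no)$/;

export function parseAccessLogLine(line: string): AccessLogEntry | null {
  const m = LOG_LINE.exec(line.trim());
  if (!m) return null;
  return {
    sourceIp: m[1] ?? "",
    method: m[2] ?? "",
    path: m[3] ?? "",
    status: Number(m[4]),
    hasAuthorization: m[5] === "yes",
  };
}

// Loopback sources are the only ones expected when the gateway is bound to localhost.
export function isLoopback(ip: string): boolean {
  return ip === "::1" || ip === "::ffff:127.0.0.1" || ip.startsWith("127.");
}

export function findNostrProfileAbuse(lines: string[]): Finding[] {
  const findings: Finding[] = [];
  lines.forEach((raw, idx) => {
    const entry = parseAccessLogLine(raw);
    if (!entry || !NOSTR_PROFILE_PATH.test(entry.path)) return;
    const reasons: string[] = [];
    if (!entry.hasAuthorization) reasons.push("no Authorization header");
    if (!isLoopback(entry.sourceIp)) reasons.push("non-loopback source");
    // A 2xx on a request without credentials means the gate was not enforced.
    if (!entry.hasAuthorization && entry.status >= 200 && entry.status < 300) {
      reasons.push("unauthenticated request succeeded");
    }
    if (reasons.length > 0) {
      findings.push({ line: idx + 1, sourceIp: entry.sourceIp, path: entry.path, reasons });
    }
  });
  return findings;
}

// Constructed sample lines for demonstration; 203.0.113.0/24 and 198.51.100.0/24
// are documentation address ranges, not real hosts.
export const SAMPLE_LOG = [
  "127.0.0.1 GET /api/channels/nostr/main/profile 200 auth=yes",
  "203.0.113.7 GET /api/channels/nostr/main/profile 200 auth=no",
  "203.0.113.7 POST /api/channels/nostr/main/profile/import 200 auth=no",
  "127.0.0.1 GET /api/channels/nostr/main/profile 200 auth=no",
  "198.51.100.2 GET /api/channels/nostr/main/profile 401 auth=no",
  "127.0.0.1 GET /api/health 200 auth=no",
];

for (const f of findNostrProfileAbuse(SAMPLE_LOG)) {
  console.log(`line ${f.line}: ${f.sourceIp} ${f.path} -> ${f.reasons.join("; ")}`);
}
```

On the sample above, the first line (authenticated, loopback) and the last (a non-Nostr path) produce nothing; lines 2 and 3 carry all three reasons, line 4 shows an unauthenticated success from loopback, and line 5 shows a remote unauthenticated attempt that was correctly refused with 401, which is what a patched gateway should log.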
Monitoring Recommendations
- Enable detailed HTTP request logging on the OpenClaw gateway to capture all API interactions
- Configure intrusion detection systems to monitor for reconnaissance activity targeting Nostr plugin endpoints
- Implement real-time alerting for any profile modification events detected in application logs
- Review Nostr event publishing history for anomalous activities that may indicate key compromise
How to Mitigate CVE-2026-28450
Immediate Actions Required
- Upgrade OpenClaw to version 2026.2.12 or later immediately
- If upgrade is not immediately possible, disable the Nostr plugin until patching can be completed
- Restrict gateway HTTP port access to localhost or trusted networks using firewall rules
- Audit gateway configurations and Nostr profile data for any unauthorized modifications
- Rotate bot private keys if exposure is suspected
Patch Information
The vulnerability has been addressed in OpenClaw version 2026.2.12. The security fix introduces proper authentication header handling for Nostr profile API endpoints, requiring valid Bearer token authentication before processing requests. Refer to the GitHub Security Advisory and the security patch commit for complete details.
Workarounds
- Bind the gateway HTTP service to localhost only (127.0.0.1) to prevent external network access
- Deploy network segmentation to isolate the OpenClaw gateway from untrusted networks
- Use a reverse proxy with authentication requirements in front of the gateway HTTP port
- Disable the Nostr plugin entirely if not required for operations
# Example: Restrict gateway HTTP port to localhost using iptables
# 8080 is the example port used here; replace it with the port the gateway actually listens on.
# -A appends, so these rules only take effect if no earlier rule already accepts the port.
iptables -A INPUT -p tcp --dport 8080 -s 127.0.0.1 -j ACCEPT
iptables -A INPUT -p tcp --dport 8080 -j DROP
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

