CVE-2026-41385 Overview
CVE-2026-41385 is a sensitive data exposure vulnerability in OpenClaw versions prior to 2026.3.31. The vulnerability allows attackers to retrieve Nostr private keys that are stored as plaintext in configuration files. The config.get method calls bypass redaction mechanisms, enabling unauthorized access to unredacted configuration data containing plaintext signing keys used for Nostr protocol operations.
Critical Impact
Exposure of Nostr private keys allows attackers to impersonate users, sign malicious messages, and potentially compromise the integrity of Nostr protocol communications associated with affected OpenClaw deployments.
Affected Products
- OpenClaw versions before 2026.3.31
- OpenClaw Nostr extension module
- Systems utilizing OpenClaw's config.get method with Nostr integration
Discovery Timeline
- 2026-04-28 - CVE CVE-2026-41385 published to NVD
- 2026-04-28 - Last updated in NVD database
Technical Details for CVE-2026-41385
Vulnerability Analysis
This vulnerability is classified under CWE-312 (Cleartext Storage of Sensitive Information). The core issue lies in the Nostr extension's configuration schema, which stores the privateKey field without proper redaction protection. When configuration data is accessed through the config.get method, the private key is returned in plaintext rather than being masked or redacted, exposing cryptographic credentials to any user or process with configuration read access.
The attack can be executed over the network by authenticated users with low privileges, requiring no user interaction. Successful exploitation results in high confidentiality impact, as attackers gain access to cryptographic signing keys that should remain secret. The vulnerability affects the integrity of identity-based operations on the Nostr protocol.
Root Cause
The root cause stems from improper handling of sensitive configuration values in the OpenClaw Nostr extension. The privateKey configuration field was not wrapped with the buildSecretInputSchema utility that provides proper redaction. Configuration views and API responses returned the raw plaintext value instead of masking or omitting the sensitive credential, violating secure configuration management practices.
Attack Vector
The attack vector is network-based, requiring authenticated access to the OpenClaw configuration system. An attacker with low-level privileges can:
- Access the configuration retrieval endpoint or API
- Call config.get methods to retrieve Nostr extension settings
- Extract the unredacted privateKey value from the response
- Use the stolen private key to sign Nostr messages or impersonate the legitimate user
The vulnerability is particularly dangerous in multi-tenant or shared-access environments where configuration data may be visible to users who should not have access to cryptographic credentials.
// Security patch in extensions/nostr/src/config-schema.ts
// Source: https://github.com/openclaw/openclaw/commit/57700d716f660591fb6e09727f3ca8041fa48b9d
DmPolicySchema,
MarkdownConfigSchema,
} from "openclaw/plugin-sdk/channel-config-primitives";
+import { buildSecretInputSchema } from "openclaw/plugin-sdk/secret-input";
import { z } from "openclaw/plugin-sdk/zod";
/**
The fix introduces the buildSecretInputSchema utility to wrap sensitive fields, ensuring proper redaction when configuration is retrieved.
// Security patch in extensions/nostr/src/setup-surface.ts
// Source: https://github.com/openclaw/openclaw/commit/57700d716f660591fb6e09727f3ca8041fa48b9d
import type { ChannelSetupAdapter } from "openclaw/plugin-sdk/channel-setup";
import type { OpenClawConfig } from "openclaw/plugin-sdk/config-runtime";
import { DEFAULT_ACCOUNT_ID } from "openclaw/plugin-sdk/routing";
+import {
+ hasConfiguredSecretInput,
+ normalizeSecretInputString,
+} from "openclaw/plugin-sdk/secret-input";
import {
createTopLevelChannelParsedAllowFromPrompt,
createTopLevelChannelDmPolicy,
The setup surface was also updated to use hasConfiguredSecretInput and normalizeSecretInputString functions for proper secret handling throughout the configuration lifecycle.
Detection Methods for CVE-2026-41385
Indicators of Compromise
- Unusual configuration API access patterns targeting Nostr extension settings
- Unexpected config.get calls retrieving privateKey fields from unauthorized sources
- Nostr messages signed with organizational keys from unrecognized IP addresses or contexts
- Audit log entries showing bulk configuration retrievals by non-administrative users
Detection Strategies
- Monitor application logs for configuration access requests targeting the Nostr extension module
- Implement alerting on config.get method invocations that return sensitive field patterns
- Deploy API access monitoring to detect enumeration attempts against configuration endpoints
- Review Nostr network activity for messages signed with keys associated with your organization from unexpected origins
Monitoring Recommendations
- Enable verbose logging for all configuration retrieval operations in OpenClaw
- Implement rate limiting on configuration API endpoints to prevent bulk extraction
- Deploy file integrity monitoring on configuration storage locations
- Configure SIEM rules to correlate configuration access with subsequent Nostr protocol activity
How to Mitigate CVE-2026-41385
Immediate Actions Required
- Upgrade OpenClaw to version 2026.3.31 or later immediately
- Rotate all Nostr private keys that may have been exposed through the vulnerable configuration system
- Audit configuration access logs to identify potential unauthorized key retrievals
- Review Nostr message history for any suspicious activity using potentially compromised keys
Patch Information
The vulnerability has been addressed in OpenClaw version 2026.3.31. The security patch is available via GitHub Commit 57700d7. For detailed information about the vulnerability and remediation, consult the GitHub Security Advisory GHSA-jjw7-3vjf-fg5j and the VulnCheck Advisory.
Workarounds
- Restrict access to configuration retrieval APIs to only essential administrative users
- Implement network segmentation to limit access to OpenClaw configuration endpoints
- Use environment variables or external secret managers instead of configuration files for private key storage
- Deploy API gateways with field-level redaction rules to mask sensitive values in configuration responses
# Configuration example - Restrict config API access
# Add to OpenClaw server configuration
# Limit config endpoint access to admin roles only
OPENCLAW_CONFIG_API_ROLES="admin,security-admin"
# Enable audit logging for all config access
OPENCLAW_CONFIG_AUDIT_ENABLED=true
# Use external secret manager for sensitive credentials
OPENCLAW_SECRET_PROVIDER="vault"
OPENCLAW_VAULT_ADDR="https://vault.internal:8200"
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
