Lucene search
K

11 matches found

EUVD
EUVD
added 2026/05/06 9:31 p.m.10 views

EUVD-2026-28170

OpenClaw before 2026.4.10 contains an insufficient access control vulnerability in Nostr plugin HTTP profile routes that allows operators with write permissions to persist profile configuration without requiring admin authority. Attackers with operator.write scope can modify Nostr profile setting...

6.5CVSS5.8AI score0.00218EPSS
Exploits0References4
NVD
NVD
added 2026/05/06 8:16 p.m.6 views

CVE-2026-43579

OpenClaw before 2026.4.10 contains an insufficient access control vulnerability in Nostr plugin HTTP profile routes that allows operators with write permissions to persist profile configuration without requiring admin authority. Attackers with operator.write scope can modify Nostr profile setting...

6.5CVSS0.00218EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/06 7:49 p.m.8 views

CVE-2026-43579 OpenClaw < 2026.4.10 - Insufficient Access Control in Nostr Profile Mutation Routes

OpenClaw before 2026.4.10 contains an insufficient access control vulnerability in Nostr plugin HTTP profile routes that allows operators with write permissions to persist profile configuration without requiring admin authority. Attackers with operator.write scope can modify Nostr profile setting...

6.5CVSS5.8AI score0.00218EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/06 7:49 p.m.31 views

CVE-2026-43579 OpenClaw < 2026.4.10 - Insufficient Access Control in Nostr Profile Mutation Routes

OpenClaw before 2026.4.10 contains an insufficient access control vulnerability in Nostr plugin HTTP profile routes that allows operators with write permissions to persist profile configuration without requiring admin authority. Attackers with operator.write scope can modify Nostr profile setting...

6.5CVSS0.00218EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/06 7:49 p.m.8 views

CVE-2026-43579

OpenClaw before 2026.4.10 contains an insufficient access control vulnerability in Nostr plugin HTTP profile routes that allows operators with write permissions to persist profile configuration without requiring admin authority. Attackers with operator.write scope can modify Nostr profile setting...

6.5CVSS5.8AI score0.00218EPSS
Exploits0References4
CVE
CVE
added 2026/05/06 7:49 p.m.13 views

CVE-2026-43579

CVE-2026-43579 affects OpenClaw prior to 2026.4.10, with an insufficient access control flaw in the Nostr plugin HTTP profile mutation routes. Operators with write permissions can persist profile configuration without admin authority by abusing unprotected mutation endpoints, enabling unauthorize...

6.5CVSS5.8AI score0.00218EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.10 views

PT-2026-38234

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.10 Description Insufficient access control in the Nostr plugin HTTP profile routes allows operators with write permissions to persist profile configuration without requiring admin authority. Attackers with...

6.5CVSS5.8AI score0.00218EPSS
Exploits0References6
OSV
OSV
added 2026/04/17 10:0 p.m.4 views

GHSA-F3H5-H452-VP3J OpenClaw: Nostr profile mutation routes allowed operator.write config persistence

Summary Nostr profile mutation routes allowed operator.write config persistence. Affected Packages / Versions - Package: openclaw - Ecosystem: npm - Affected versions: = 2026.4.10 Impact Nostr plugin HTTP profile routes could persist profile config through a path that did not require admin...

5.3CVSS5.7AI score
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/04/17 10:0 p.m.8 views

OpenClaw: Nostr profile mutation routes allowed operator.write config persistence

Summary Nostr profile mutation routes allowed operator.write config persistence. Affected Packages / Versions - Package: openclaw - Ecosystem: npm - Affected versions: = 2026.4.10 Impact Nostr plugin HTTP profile routes could persist profile config through a path that did not require admin...

5.7AI score
Exploits0References3Affected Software1
OSV
OSV
added 2026/02/17 9:31 p.m.3 views

GHSA-MV9J-6XHH-G383 OpenClaw's unauthenticated Nostr profile HTTP endpoints allow remote profile/config tampering

Summary The OpenClaw Nostr channel plugin optional, disabled by default, installed separately exposes profile management HTTP endpoints under /api/channels/nostr/:accountId/profile GET/PUT and /api/channels/nostr/:accountId/profile/import POST. In affected versions, these routes were dispatched v...

6.3CVSS5.8AI score0.0034EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/02/17 9:31 p.m.5 views

OpenClaw's unauthenticated Nostr profile HTTP endpoints allow remote profile/config tampering

Summary The OpenClaw Nostr channel plugin optional, disabled by default, installed separately exposes profile management HTTP endpoints under /api/channels/nostr/:accountId/profile GET/PUT and /api/channels/nostr/:accountId/profile/import POST. In affected versions, these routes were dispatched v...

8.3CVSS5.8AI score0.0034EPSS
Exploits0References6Affected Software1
Rows per page
Query Builder