
4 matches found

OSV
added 2026/04/10 7:49 p.m., 1 view

GHSA-HM2H-WWWH-G49X Ech0 Scope Bypass: profile:read Access Token Can Change Admin Password and Escalate to Unrestricted Session

Summary: The PUT /user endpoint is protected by RequireScopes"profile:read", which is a read-only scope. However, the endpoint performs write operations including password changes. An attacker who obtains an admin's restricted profile:read access token can change the admin's password, then login t...

CVSS 6.5, AI score 5.8
Exploits: 0, References: 3

Github Security Blog
added 2026/04/10 7:49 p.m., 3 views

Ech0 Scope Bypass: profile:read Access Token Can Change Admin Password and Escalate to Unrestricted Session

Summary: The PUT /user endpoint is protected by RequireScopes"profile:read", which is a read-only scope. However, the endpoint performs write operations including password changes. An attacker who obtains an admin's restricted profile:read access token can change the admin's password, then login t...

AI score 5.8
Exploits: 0, References: 3, Affected Software: 1

EUVD
added 2026/03/05 9:59 p.m., 1 view

EUVD-2026-9899

OpenClaw versions prior to 2026.2.12 with the optional Nostr plugin enabled expose unauthenticated HTTP endpoints at /api/channels/nostr/:accountId/profile and /api/channels/nostr/:accountId/profile/import that allow reading and modifying Nostr profiles without gateway authentication. Remote...

CVSS 8.3, AI score 5.9, EPSS 0.00124
Exploits: 0, References: 3

CVE
added 2026/03/05 9:59 p.m., 7 views

CVE-2026-28450

OpenClaw, versions prior to 2026.2.12 with the optional Nostr plugin enabled, expose unauthenticated HTTP endpoints at /api/channels/nostr/:accountId/profile and /api/channels/nostr/:accountId/profile/import. These allow reading and modifying Nostr profiles without gateway authentication, potenti...

CVSS 8.3, AI score 5.9, EPSS 0.00124
Exploits: 0, References: 3, Affected Software: 1