OpenClaw Unauthenticated Profile Tampering Vulnerability in Nostr Plugin
Vulnerability
A vulnerability exists in OpenClaw versions prior to 2026.2.12 when the optional Nostr plugin is enabled. These versions expose two HTTP endpoints, '/api/channels/nostr/:accountId/profile' and '/api/channels/nostr/:accountId/profile/import', without requiring gateway authentication, so a remote attacker who can reach the gateway HTTP port can read and modify Nostr profiles. Exploitation can lead to unauthorized access to sensitive profile data, unauthorized modification of Nostr profiles, persistent malicious changes to the gateway configuration, and the publishing of signed Nostr events using the bot's private key. The issue is only reachable remotely when the gateway HTTP port is accessible beyond localhost.
Impact
Exploitation allows for unauthorized reading and modification of Nostr profiles, tampering with gateway configuration, and publishing of signed Nostr events using the bot's private key, when the gateway HTTP port is accessible beyond localhost.
Reproduction
The vulnerability can be reproduced by sending a request to either unauthenticated Nostr profile HTTP endpoint, '/api/channels/nostr/:accountId/profile' or '/api/channels/nostr/:accountId/profile/import', without gateway authentication. This is possible whenever the gateway HTTP port is accessible beyond localhost, for example when it is bound to '0.0.0.0', exposed on a LAN, placed behind a reverse proxy, or published via Tailscale Funnel/Serve.
Remediation
Users are advised to upgrade to OpenClaw version 2026.2.12 or later. As a temporary measure, restrict the gateway HTTP listener to loopback only and enforce network-layer access controls (firewall rules, proxy authentication) until the upgrade is complete.
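Detection logic for the exposure described above, as an added example that is not OpenClaw's own code: it flags access-log entries that reach either Nostr profile endpoint from a non-loopback address without gateway authentication, and shows a route guard of the kind the fix implies. The log line format and its 'auth=yes|no' field are constructed assumptions, not OpenClaw's real log format.

```javascript
// Added example, not OpenClaw's code. Matches the two endpoints named in the advisory,
// with any accountId segment and an optional query string.
const NOSTR_PROFILE_ROUTE = /^\/api\/channels\/nostr\/[^/]+\/profile(\/import)?(\?.*)?$/;

// Addresses a loopback-only gateway would be expected to see.
function isLoopback(ip) {
  return ip === '::1' || ip === '::ffff:127.0.0.1' || ip.startsWith('127.');
}

// Parse a constructed (assumed) log format: "<ip> <method> <path> <status> auth=<yes|no>".
function parseLine(line) {
  const m = line.match(/^(\S+) (\S+) (\S+) (\d{3}) auth=(yes|no)$/);
  if (!m) return null;
  return { ip: m[1], method: m[2], path: m[3], status: Number(m[4]), authenticated: m[5] === 'yes' };
}

// Return entries that indicate the weakness being exercised: a Nostr profile endpoint
// served successfully to a non-loopback client that presented no gateway credentials.
function findUnauthenticatedProfileAccess(lines) {
  const hits = [];
  for (const line of lines) {
    const e = parseLine(line);
    if (!e) continue;                              // unparseable line, skip
    if (!NOSTR_PROFILE_ROUTE.test(e.path)) continue;
    if (e.authenticated) continue;                 // credentials were presented
    if (isLoopback(e.ip)) continue;                // local client, not the remote case
    if (e.status >= 400) continue;                 // rejected request, no tampering occurred
    hits.push({ ip: e.ip, method: e.method, path: e.path });
  }
  return hits;
}

// Guard illustrating the intended behaviour: these routes must require gateway auth.
function gatewayAuthGuard(req) {
  if (NOSTR_PROFILE_ROUTE.test(req.path) && !req.authenticated) {
    return { status: 401, body: 'gateway authentication required' };
  }
  return null; // fall through to the handler
}

// Constructed sample log lines (not real traffic).
const SAMPLE_LOG = [
  '10.0.0.5 GET /api/channels/nostr/main/profile 200 auth=no',
  '127.0.0.1 GET /api/channels/nostr/main/profile 200 auth=no',
  '10.0.0.5 POST /api/channels/nostr/main/profile/import 200 auth=no',
  '10.0.0.7 POST /api/channels/nostr/main/profile 401 auth=no',
  '10.0.0.9 GET /api/channels/nostr/main/profile?full=1 200 auth=yes',
  '10.0.0.9 GET /api/health 200 auth=no',
];
console.log(findUnauthenticatedProfileAccess(SAMPLE_LOG));
```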