CVE-2026-41301— OpenClaw 2026.3.22 < 2026.3.31 - Forged Nostr DM Pairing State Creation via Signature Verification Bypass
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-41301
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
OpenClaw 2026.3.22 < 2026.3.31 - Forged Nostr DM Pairing State Creation via Signature Verification Bypass
Source: NVD (National Vulnerability Database)
Vulnerability Description
OpenClaw versions 2026.3.22 before 2026.3.31 contain a signature verification bypass vulnerability in the Nostr DM ingress path that allows pairing challenges to be issued before event signature validation. An unauthenticated remote attacker can send forged direct messages to create pending pairing entries and trigger pairing-reply attempts, consuming shared pairing capacity and triggering bounded relay and logging work on the Nostr channel.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
密码学签名的验证不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
OpenClaw 数据伪造问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
OpenClaw是OpenClaw开源的一个智能人工助理。 OpenClaw 2026.3.22版本至2026.3.31之前版本存在数据伪造问题漏洞,该漏洞源于Nostr DM入口路径存在签名验证绕过,可能导致未经身份验证的远程攻击者发送伪造的直接消息来创建待处理的配对条目并触发配对回复尝试,消耗共享配对容量并触发有界中继和日志记录工作。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-41301
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-41301
请登录查看更多情报信息。
Same Patch Batch · OpenClaw · 2026-04-20 · 15 CVEs total
| CVE-2026-41329 | 9.9 CRITICAL | OpenClaw < 2026.3.31 - Sandbox Bypass via Heartbeat Context Inheritance and senderIsOwner |
| CVE-2026-41303 | 8.8 HIGH | OpenClaw < 2026.3.28 - Authorization Bypass in Discord Text Approval Commands |
| CVE-2026-41294 | 8.6 HIGH | OpenClaw < 2026.3.28 - Environment Variable Injection via CWD .env File |
| CVE-2026-41296 | 8.2 HIGH | OpenClaw < 2026.3.31 - Sandbox Escape via TOCTOU Race in Remote FS Bridge readFile |
| CVE-2026-41295 | 7.8 HIGH | OpenClaw < 2026.4.2 - Untrusted Workspace Channel Shadow Code Execution during Built-in Ch |
| CVE-2026-41297 | 7.6 HIGH | OpenClaw < 2026.3.31 - Server-Side Request Forgery via Marketplace Plugin Download Redirec |
| CVE-2026-41302 | 7.6 HIGH | OpenClaw < 2026.3.31 - Server-Side Request Forgery via Unguarded fetch() in Marketplace Pl |
| CVE-2026-41299 | 7.1 HIGH | OpenClaw < 2026.3.28 - Client Identity Spoofing in chat.send Gateway Provenance Guard |
| CVE-2026-41300 | 6.5 MEDIUM | OpenClaw < 2026.3.31 - Attacker-Discovered Endpoint Preservation in Remote Onboarding |
| CVE-2026-41389 | 5.8 MEDIUM | OpenClaw 2026.4.7 < 2026.4.15 - Arbitrary File Read via Unvalidated Tool-Result Media Path |
| CVE-2026-40045 | 5.7 MEDIUM | OpenClaw < 2026.4.2 - Cleartext Credential Transmission via Unencrypted WebSocket Gateway |
| CVE-2026-41298 | 5.4 MEDIUM | OpenClaw < 2026.4.2 - Authorization Bypass in Session Termination Endpoint |
| CVE-2026-41331 | 5.3 MEDIUM | OpenClaw < 2026.3.31 - Resource Consumption via Unauthorized Telegram Audio Preflight Tran |
| CVE-2026-41330 | 4.4 MEDIUM | OpenClaw < 2026.3.31 - Environment Variable Override via Host Exec Policy |
IV. Related Vulnerabilities
Same product: OpenClaw
- CVE-2026-44118
OpenClaw < 2026.4.22 - Owner Context Spoofing via Bearer Tok - CVE-2026-44116
OpenClaw < 2026.4.22 - Server-Side Request Forgery in Zalo P - CVE-2026-44117
OpenClaw < 2026.4.20 - Server-Side Request Forgery in QQBot - CVE-2026-44115
OpenClaw < 2026.4.22 - Shell Expansion Bypass in Unquoted He - CVE-2026-44114
OpenClaw < 2026.4.20 - Environment Variable Namespace Collis
Same vendor: OpenClaw
- CVE-2026-44118
OpenClaw < 2026.4.22 - Owner Context Spoofing via Bearer Tok - CVE-2026-44117
OpenClaw < 2026.4.20 - Server-Side Request Forgery in QQBot - CVE-2026-44116
OpenClaw < 2026.4.22 - Server-Side Request Forgery in Zalo P - CVE-2026-44115
OpenClaw < 2026.4.22 - Shell Expansion Bypass in Unquoted He - CVE-2026-44114
OpenClaw < 2026.4.20 - Environment Variable Namespace Collis
Same weakness: CWE-347
- CVE-2026-42193
Plunk: SNS webhook forgery - CVE-2026-44497
ZEBRA: Consensus Divergence in Transparent Sighash Hash-Type - CVE-2026-41669
Admidio: SAML Signature Validation Result Ignored — Forged A - CVE-2026-7689
Dolibarr ERP CRM Online Signature security.lib.php dol_verif - CVE-2026-33467
Improper Verification of Cryptographic Signature in Elastic
V. Comments for CVE-2026-41301
No comments yet