GHSA-65h8-27jh-q8wv: OpenClaw: Nostr inbound DMs could trigger unauthenticated crypto work before sender policy enforcement

March 26, 2026

Nostr inbound DM handling could perform crypto and dispatch work before sender and pairing policy enforcement, enabling unauthorized pre-auth computation.

References

github.com/advisories/GHSA-65h8-27jh-q8wv
github.com/openclaw/openclaw
github.com/openclaw/openclaw/commit/1ee9611079e81b9122f4bed01abb3d9f56206c77
github.com/openclaw/openclaw/security/advisories/GHSA-65h8-27jh-q8wv

Code Behaviors & Features

Detect and mitigate GHSA-65h8-27jh-q8wv with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →