GHSA-jjw7-3vjf-fg5j: OpenClaw Nostr privateKey config redaction bypass leaks plaintext signing key via config.get

April 2, 2026 (updated April 6, 2026)

OpenClaw Nostr privateKey config redaction bypass leaks plaintext signing key via config.get

References

github.com/advisories/GHSA-jjw7-3vjf-fg5j
github.com/openclaw/openclaw
github.com/openclaw/openclaw/commit/57700d716f660591fb6e09727f3ca8041fa48b9d
github.com/openclaw/openclaw/releases/tag/v2026.3.31
github.com/openclaw/openclaw/security/advisories/GHSA-jjw7-3vjf-fg5j

Code Behaviors & Features

Detect and mitigate GHSA-jjw7-3vjf-fg5j with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →