CVE-2026-3691: OpenClaw OAuth PKCE Verifier Leaks Stored Credentials in Authorization URL
A medium-severity information disclosure vulnerability in OpenClaw's OAuth PKCE verifier exposes stored credentials in the authorization URL query string, requiring user interaction to exploit.

A vulnerability in the OpenClaw client's OAuth PKCE verifier implementation, tracked as CVE-2026-3691, allows remote attackers to disclose stored credentials by tricking a user into initiating an OAuth authorization flow. The flaw, disclosed by the Zero Day Initiative on March 30, 2026, carries a CVSS score of 5.3 and stems from the exposure of sensitive data in the authorization URL query string.
The specific weakness lies in how OpenClaw handles the Proof Key for Code Exchange (PKCE) flow during OAuth authorization. PKCE (RFC 7636) is a standard security mechanism designed to prevent authorization code interception attacks: the client sends only a one-way code challenge in the authorization request and proves possession of the underlying verifier when it later redeems the code. OpenClaw's implementation, however, inadvertently includes stored credentials (such as access tokens or refresh tokens) as query parameters in the authorization URL. Query strings are routinely recorded in browser history, server and proxy logs, and Referer headers, so an attacker who can observe or intercept this URL (e.g., through network sniffing, log inspection, or referrer headers) can capture those credentials and use them to gain unauthorized access to the victim's accounts.
Exploitation requires user interaction: the target must be persuaded to start an OAuth authorization flow, typically by clicking a link or visiting a malicious page that triggers the flow. Once the flow begins, the vulnerable OpenClaw client constructs the authorization request with credentials embedded in the URL, which the attacker can then harvest. The attack complexity is rated as high because the attacker must be in a position to observe the URL, whether on the same network, via a compromised intermediary, or through a cross-site request forgery (CSRF) style attack.
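The following is an added example, not OpenClaw's code and not taken from the advisory. It shows what a correct PKCE authorization request carries (only the S256 challenge derived from the verifier; the verifier and any stored tokens stay in client memory) and a URL audit that flags credential-looking query parameters, which can be used both as a unit-test guard on outgoing authorization URLs and over request URLs found in access or proxy logs. The parameter list, endpoint names and log lines are constructed for the example.

```python
"""Hypothetical PKCE client helper plus an authorization-URL audit (added example,
not OpenClaw's implementation)."""
import base64
import hashlib
import re
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Parameter names that must never appear in a browser-visible authorization URL.
# Assumed list for this example; extend it with your provider's own names.
SENSITIVE_PARAMS = {
    "access_token", "refresh_token", "id_token", "client_secret",
    "code_verifier", "password", "token", "api_key",
}

# Matches the request line inside a common-log-format entry: "GET /path?q HTTP/1.1"
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')


def generate_code_verifier(nbytes: int = 32) -> str:
    """RFC 7636 verifier: 43..128 URL-safe characters built from random bytes."""
    return base64.urlsafe_b64encode(secrets.token_bytes(nbytes)).rstrip(b"=").decode()


def code_challenge_s256(code_verifier: str) -> str:
    """S256 challenge: BASE64URL(SHA256(ASCII(code_verifier))) without padding."""
    digest = hashlib.sha256(code_verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode()


def build_authorization_url(auth_endpoint, client_id, redirect_uri, scope,
                            code_verifier, state):
    """Build the authorization request. Only the challenge is placed in the URL;
    the verifier is sent later, in the back-channel token request body."""
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": scope,
        "state": state,
        "code_challenge": code_challenge_s256(code_verifier),
        "code_challenge_method": "S256",
    }
    return f"{auth_endpoint}?{urlencode(params)}"


def find_leaked_params(url: str) -> list:
    """Return the names of query parameters in `url` that look like credentials."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return sorted(name for name in query if name.lower() in SENSITIVE_PARAMS)


def audit_log_lines(lines) -> list:
    """Scan access-log lines; return (path, [leaked param names]) for each offending request."""
    findings = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        leaked = find_leaked_params(match.group(1))
        if leaked:
            findings.append((match.group(1).split("?", 1)[0], leaked))
    return findings


# Constructed sample log: one clean authorization request and one that leaks
# a refresh token and the PKCE verifier in the query string.
SAMPLE_LOG = [
    '10.0.0.5 - - [30/Mar/2026:10:00:00 +0000] "GET /oauth/authorize?response_type=code'
    '&client_id=app&code_challenge=abc&code_challenge_method=S256 HTTP/1.1" 302 0',
    '10.0.0.5 - - [30/Mar/2026:10:00:01 +0000] "GET /oauth/authorize?response_type=code'
    '&client_id=app&refresh_token=EXAMPLE_TOKEN&code_verifier=xyz HTTP/1.1" 302 0',
]


if __name__ == "__main__":
    verifier = generate_code_verifier()
    url = build_authorization_url("https://idp.example/oauth/authorize", "app",
                                  "https://client.example/cb", "openid", verifier,
                                  secrets.token_urlsafe(16))
    print("authorization URL:", url)
    print("leaked params in our URL:", find_leaked_params(url))
    print("log findings:", audit_log_lines(SAMPLE_LOG))
```

`code_challenge_s256` can be checked against the RFC 7636 Appendix B test vector, and `find_leaked_params` returns an empty list for a URL built by `build_authorization_url`, which is the property a regression test for this class of bug should assert.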
OpenClaw has released a security update to address the vulnerability. The fix is detailed in GitHub advisory GHSA-6g25-pc82-vfwp, and users are strongly advised to update their OpenClaw installations immediately. The advisory notes that the update corrects the PKCE verifier to avoid leaking credentials in the authorization URL.
The vulnerability was discovered and reported by researchers Peter Girnus (@gothburz), Demeng Chen (@DemengChen233), and Project AESIR with TrendAI Zero Day Initiative. The disclosure timeline shows the report was submitted to OpenClaw on February 25, 2026, with the coordinated public release occurring on March 30, 2026.
While the CVSS score is moderate, the potential impact is significant because credential disclosure can lead to full account compromise, especially if the leaked tokens have broad scopes or long expiration periods. Organizations using OpenClaw for OAuth-based authentication should prioritize patching and review their authorization flows for similar leakage risks. This vulnerability underscores the importance of careful implementation of OAuth and PKCE standards, where even minor deviations can undermine the security guarantees they are meant to provide.