Zero Day Monitor (ZDM)
CVE-2026-34511 (CVSS 5.3; tagged EXPLOITED, PATCHED)
Vendor: openclaw · Product: openclaw

OpenClaw < 2026.4.2 - PKCE Verifier Exposure via OAuth State Parameter

Description

OpenClaw before 2026.4.2 reuses the PKCE code_verifier as the OAuth state parameter in its Gemini OAuth flow, so the verifier travels in the authorization request and is echoed back in the redirect URL. Anyone who can observe that redirect URL (for example from logs or browser history) obtains both the authorization code and the PKCE verifier, which is exactly the pair the token endpoint requires; PKCE's protection against code interception is therefore void and the captured code can be redeemed for tokens. Fixed in 2026.4.2 (patch commit linked under References).
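The following Python sketch is an added illustration of the flaw described above and is not OpenClaw's, Google's, or VulDB's code. It models a minimal PKCE-aware authorization server (MockAuthServer), a client that follows the pre-2026.4.2 pattern (state = verifier), a client that follows the standard pattern (an independent random state with the verifier kept client-side and looked up by state), and an attacker who holds nothing but the captured redirect URL. The endpoint, client_id and callback URL are constructed placeholders. It also includes an audit check a practitioner can run against a captured redirect URL: if S256(state) equals the code_challenge from the authorize request, the state parameter is the verifier.

```python
import base64
import hashlib
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed placeholder; not OpenClaw's real local callback URL.
REDIRECT_URI = "http://localhost:8085/oauth/callback"


def make_verifier() -> str:
    """RFC 7636 code_verifier: 43-128 unreserved characters; token_urlsafe(32) gives 43."""
    return secrets.token_urlsafe(32)


def s256(verifier: str) -> str:
    """code_challenge = BASE64URL(SHA256(code_verifier)) without padding (RFC 7636 4.2)."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


class MockAuthServer:
    """Toy PKCE-aware authorization server (stand-in for the real provider).

    Each code remembers the code_challenge it was issued against. A code is
    consumed only on successful redemption; a real server may also revoke it
    after a failed attempt, which turns the attacker's try into a denial of
    service for the legitimate user instead of a token theft.
    """

    def __init__(self) -> None:
        self._codes: dict[str, str] = {}

    def authorize(self, query: dict) -> str:
        """Handle GET /authorize; return the redirect URL the browser would follow."""
        code = secrets.token_urlsafe(16)
        self._codes[code] = query["code_challenge"]
        return query["redirect_uri"] + "?" + urlencode({"code": code, "state": query["state"]})

    def redeem(self, code: str, code_verifier: str):
        """Handle POST /token; None on unknown code or verifier mismatch."""
        challenge = self._codes.get(code)
        if challenge is None or s256(code_verifier) != challenge:
            return None
        del self._codes[code]
        return {"access_token": "tok-" + secrets.token_hex(8)}


def _authorize_query(challenge: str, state: str) -> dict:
    return {"response_type": "code", "client_id": "example-client",  # placeholder client_id
            "redirect_uri": REDIRECT_URI, "code_challenge": challenge,
            "code_challenge_method": "S256", "state": state}


def start_vulnerable(server: MockAuthServer):
    """Pre-2026.4.2 pattern: the PKCE verifier doubles as the state value."""
    verifier = make_verifier()
    redirect_url = server.authorize(_authorize_query(s256(verifier), verifier))
    return redirect_url, verifier


def start_fixed(server: MockAuthServer):
    """Standard pattern: independent random state; the verifier never leaves the client."""
    verifier = make_verifier()
    state = secrets.token_urlsafe(32)
    pending = {state: verifier}  # client-side map of in-flight flows, keyed by state
    redirect_url = server.authorize(_authorize_query(s256(verifier), state))
    return redirect_url, pending


def attacker_redeem(server: MockAuthServer, captured_redirect_url: str):
    """Attacker who captured only the redirect URL: submit code with state as the verifier."""
    q = parse_qs(urlparse(captured_redirect_url).query)
    return server.redeem(q["code"][0], q["state"][0])


def finish_fixed(server: MockAuthServer, pending: dict, redirect_url: str):
    """Legitimate client completes the fixed flow by looking the verifier up by state."""
    q = parse_qs(urlparse(redirect_url).query)
    verifier = pending.pop(q["state"][0], None)
    if verifier is None:  # unknown state: CSRF or replay, refuse
        return None
    return server.redeem(q["code"][0], verifier)


def state_reveals_verifier(redirect_url: str, code_challenge: str) -> bool:
    """Audit check: S256(state) == code_challenge means state is the PKCE verifier."""
    q = parse_qs(urlparse(redirect_url).query)
    return s256(q["state"][0]) == code_challenge


if __name__ == "__main__":
    srv = MockAuthServer()
    url, verifier = start_vulnerable(srv)
    print("vulnerable: state reveals verifier:", state_reveals_verifier(url, s256(verifier)))
    print("vulnerable: attacker redeemed a token:", attacker_redeem(srv, url) is not None)

    srv = MockAuthServer()
    url, pending = start_fixed(srv)
    print("fixed: attacker redeemed a token:", attacker_redeem(srv, url) is not None)
    print("fixed: legitimate client redeemed a token:", finish_fixed(srv, pending, url) is not None)
```

In the vulnerable flow the attacker's call succeeds with nothing more than the URL, and because the code is single-use the legitimate client's own redemption then fails, so the victim may notice only a failed login. In the fixed flow the same URL yields nothing, and the state value additionally binds the callback to a flow the client actually started.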

Affected Products

Vendor: openclaw
Product: openclaw
Versions: all versions before 2026.4.2 (the CVE record expresses this as the range 0 through 2026.4.1)

References

  • https://github.com/openclaw/openclaw/security/advisories/GHSA-9jpj-g8vv-j5mf (vendor advisory)
  • https://github.com/openclaw/openclaw/commit/a26f4d0f3ef0757db6c6c40277cc06a5de76c52f (patch)
  • https://www.vulncheck.com/advisories/openclaw-pkce-verifier-exposure-via-oauth-state-parameter (third-party advisory)

Related News (1 article)

  • VulDB (Tier C, 1d ago): "CVE-2026-34511 | OpenClaw up to 2026.4.1 Parameter random values"; no new info (linked only).
CVSS 3.1: 5.3, vector CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N. Note that 5.3 rates Medium on the CVSS v3.1 qualitative scale (the AC:H and UI:R metrics reflect that the attacker must first capture the redirect URL); the page's severity field nonetheless reads HIGH.
CISA KEV: No
Actively exploited: Yes (per the page's tag; the v2 enrichment note in the version history below records no exploit available)
Patch available: 2026.4.2
CWE: CWE-330 (Use of Insufficiently Random Values), CWE-331 (Insufficient Entropy). These come via VulDB; the flaw as described is reuse and exposure of the verifier, not weak randomness.
Published: Apr 3, 2026
Last enriched: 1d ago (v2)
Tags: privilege escalation, code execution, data disclosure, security bypass, insufficient randomness
Trending score: 37
Source articles: 1 (independent: 1)
Info completeness: 10/14 (missing: epss, kev, iocs, mitre_attack)


Related CVEs (5)

  • CVE-2026-33579 (severity: NONE; trending 36): OpenClaw < 2026.3.28 - Privilege Escalation via Missing Caller Scope Validation in Device Pair Approval
  • CVE-2026-34425 (severity: NONE; exploited; trending 34): OpenClaw - Shell-Bleed Protection Preflight Validation Bypass
  • CVE-2026-28363 (CRITICAL; trending 28): In OpenClaw before 2026.2.23, tools.exec.safeBins validation for sort could be bypassed via GNU long-option abbreviations (such as --compress-prog) in allowlist mode, leading to approval-free executio
  • CVE-2026-30741 (CRITICAL; trending 28): A remote code execution (RCE) vulnerability in OpenClaw Agent Platform v2026.2.6 allows attackers to execute arbitrary code via a Request-Side prompt injection attack.
  • CVE-2026-34426 (severity: NONE; trending 18): OpenClaw - Approval Bypass via Environment Variable Normalization


Verification

State: unverified (confidence 0%)

Vulnerability Timeline

  • CVE published: Apr 3, 2026
  • Actively exploited: Apr 3, 2026
  • Exploit available: Apr 3, 2026
  • Patch available: Apr 3, 2026
  • Discovered by ZDM: Apr 3, 2026
  • Updated (affectedVersions, severity, cweIds, tags): Apr 3, 2026

Version History

  • v2 (Tier C, 1d ago, via VulDB): Updated affected versions to include 2026.4.1, changed severity to HIGH, added CWE-331, and noted no exploit available. Fields changed: affectedVersions, severity, cweIds, tags.
  • v1 (1d ago): Initial creation.