{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-3691", "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "state": "PUBLISHED", "assignerShortName": "zdi", "dateReserved": "2026-03-07T01:53:31.937Z", "datePublished": "2026-04-11T00:17:40.509Z", "dateUpdated": "2026-04-13T17:42:24.369Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "shortName": "zdi", "dateUpdated": "2026-04-11T00:17:40.509Z"}, "title": "OpenClaw Client PKCE Verifier Information Disclosure Vulnerability", "descriptions": [{"lang": "en", "value": "OpenClaw Client PKCE Verifier Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose stored credentials on affected installations of OpenClaw. User interaction is required to exploit this vulnerability in that the target must initiate an OAuth authorization flow.\n\nThe specific flaw exists within the implementation of OAuth authorization. The issue results from the exposure of sensitive data in the authorization URL query string. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-29381."}], "affected": [{"vendor": "OpenClaw", "product": "OpenClaw", "versions": [{"version": "2026.2.21", "status": "affected"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-200", "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", "type": "CWE"}]}], "references": [{"url": "https://www.zerodayinitiative.com/advisories/ZDI-26-229/", "name": "ZDI-26-229", "tags": ["x_research-advisory"]}, {"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-6g25-pc82-vfwp", "name": "vendor-provided URL", "tags": ["vendor-advisory"]}], "dateAssigned": "2026-03-07T01:53:32.004Z", "datePublic": "2026-03-30T13:21:56.169Z", "source": {"lang": "en", "value": "Peter Girnus (@gothburz), Demeng Chen (@DemengChen233), Project AESIR with TrendAI Zero Day Initiative"}, "metrics": [{"format": "CVSS", "cvssV3_0": {"version": "3.0", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM"}}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-13T17:42:15.767036Z", "id": "CVE-2026-3691", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-13T17:42:24.369Z"}}]}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "OpenClaw Client PKCE Verifier Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose stored credentials on affected installations of OpenClaw. User interaction is required to exploit this vulnerability in that the target must initiate an OAuth authorization flow.\n\nThe specific flaw exists within the implementation of OAuth authorization. The issue results from the exposure of sensitive data in the authorization URL query string. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-29381."}], "id": "CVE-2026-3691", "lastModified": "2026-04-13T15:01:43.663", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 1.6, "impactScore": 3.6, "source": "zdi-disclosures@trendmicro.com", "type": "Secondary"}]}, "published": "2026-04-11T01:16:16.123", "references": [{"source": "zdi-disclosures@trendmicro.com", "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-6g25-pc82-vfwp"}, {"source": "zdi-disclosures@trendmicro.com", "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-229/"}], "sourceIdentifier": "zdi-disclosures@trendmicro.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "zdi-disclosures@trendmicro.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "2026.2.21"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "OpenClaw", "source": "cna", "vendor": "OpenClaw"}, "product": "openclaw", "vendor": "openclaw"}], "analysis": {"en": {"generated_at": "2026-04-11T02:51:44.822980+00:00", "value": {"mitigation_remediation": ["Apply the latest OpenClaw client update that addresses the PKCE verifier information disclosure (see the GitHub advisory and Zero Day Initiative report).", "If a patch is not yet available, restrict OAuth authorization to trusted clients or disable the PKCE verifier functionality if the client offers that option."], "summary": {"action": "Patch Immediately", "impact": "Remote Information Disclosure"}, "threat_synthesis": {"affected_systems": "OpenClaw\u2019s client application is affected. Any installation that implements the OAuth flow is vulnerable; the advisory does not specify a version range, so all releases prior to the fix are at risk.", "description_and_impact": "The flaw resides in the OAuth authorization flow of the OpenClaw client, where a PKCE verifier is inadvertently exposed in the authorization URL query string. This exposure permits a remote actor to read locally stored credentials when the target initiates an authentication request. The consequence is that an attacker obtains credentials that could be used to impersonate the user or access protected resources, effectively escalating privileges on the susceptible system.", "risk_and_exploitability": "The CVSS score of 5.3 indicates moderate severity. Exploitation requires user interaction, as the target must start an OAuth authorization flow. An attacker can observe or inject the request to capture the verifier in the query string, so the technical barrier is modest. EPSS data is not available and the vulnerability is not currently listed in CISA\u2019s KEV catalog, suggesting limited exploitation reports. Nonetheless, the exposed credentials can lead to significant compromise if abused."}}}}, "created": "2026-04-13T12:42:05.140817+00:00", "updated": "2026-04-13T12:56:49.735170+00:00", "vendors": ["openclaw", "openclaw$PRODUCT$openclaw"]}