DEV Community

CVE Reports

Posted on • Originally published at cvereports.com

GHSA-6G25-PC82-VFWP: PKCE Verifier Exposure in OpenClaw OAuth Implementation


Vulnerability ID: GHSA-6G25-PC82-VFWP
CVSS Score: 9.8
Published: 2026-03-03

A critical information exposure vulnerability was identified in the onboarding flow of the OpenClaw macOS application, specifically in its integration with Anthropic's OAuth service. The application placed the Proof Key for Code Exchange (PKCE) code_verifier, a secret that the client must keep private until it presents it at the token endpoint, inside the public state parameter of the OAuth authorization URL. Because the authorization server echoes state back unchanged, the verifier appeared in the query string of both the authorization request and the redirect back to the application.

The state parameter travels over the browser front-channel, so any attacker able to observe the authorization code (for example through a malicious browser extension, browser history sniffing, or monitoring of the application's custom URL scheme on the local machine) obtains the code_verifier in the same capture. That defeats the protection PKCE exists to provide: the attacker can present the intercepted code together with the verifier at the token endpoint, obtain a valid access token, and take over the user's Anthropic session. PKCE itself is not at fault here; the client's handling of the verifier is what breaks it.
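The following is an added example, written for this post rather than taken from OpenClaw or the advisory: it reconstructs the mistake described above in Python and runs both a vulnerable and a hardened client against a minimal authorization server that enforces PKCE correctly. The endpoint URLs, client_id, custom URL scheme and the base64url-JSON encoding of the verifier inside state are assumptions for illustration (the page does not say how OpenClaw encoded it). The attacker in the example sees only the two front-channel URLs, the authorization request and the redirect, which is exactly what a browser extension or history sniffer gets; the candidate search over the state value is written generally, so other encodings would simply add candidates.

```python
from __future__ import annotations
# Added example, not OpenClaw's code. Endpoints, client_id and state encoding are assumed.
import base64
import hashlib
import json
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

AUTHORIZE_ENDPOINT = "https://authz.example/oauth/authorize"  # assumed placeholder
REDIRECT_URI = "openclaw://oauth/callback"                     # assumed custom scheme
CLIENT_ID = "openclaw-desktop"                                 # assumed


def b64url(raw: bytes) -> str:
    """Base64url without padding, the encoding RFC 7636 uses for verifier and challenge."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def s256(verifier: str) -> str:
    """code_challenge = BASE64URL(SHA256(code_verifier))."""
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())


def make_pkce_pair() -> tuple[str, str]:
    """Fresh (code_verifier, code_challenge); 32 random bytes give a 43-char verifier."""
    verifier = b64url(secrets.token_bytes(32))
    return verifier, s256(verifier)


def param(url: str, name: str) -> str:
    return parse_qs(urlparse(url).query)[name][0]


def _authorize_url(challenge: str, state: str) -> str:
    return AUTHORIZE_ENDPOINT + "?" + urlencode({
        "response_type": "code", "client_id": CLIENT_ID, "redirect_uri": REDIRECT_URI,
        "code_challenge": challenge, "code_challenge_method": "S256", "state": state,
    })


def vulnerable_authorize_url(verifier: str, challenge: str) -> str:
    """The flaw the advisory describes: the secret verifier rides in the public `state`."""
    return _authorize_url(challenge, b64url(json.dumps({"verifier": verifier}).encode()))


_pending: dict[str, str] = {}  # hardened client: state -> verifier, kept in process memory


def hardened_authorize_url(verifier: str, challenge: str) -> str:
    """`state` is an opaque CSRF nonce; the verifier never leaves the client."""
    state = b64url(secrets.token_bytes(16))
    _pending[state] = verifier
    return _authorize_url(challenge, state)


def hardened_client_exchange(redirect_url: str, server: AuthServer) -> str | None:
    """The legitimate client redeems the code with the verifier it kept for this state."""
    verifier = _pending.pop(param(redirect_url, "state"), None)
    return None if verifier is None else server.token(param(redirect_url, "code"), verifier)


class AuthServer:
    """Minimal authorization server: binds each code to its challenge and enforces S256."""

    def __init__(self) -> None:
        self.codes: dict[str, str] = {}

    def authorize(self, url: str) -> str:
        code = b64url(secrets.token_bytes(16))
        self.codes[code] = param(url, "code_challenge")
        # Front channel: the redirect carries the code and echoes the client's state.
        return REDIRECT_URI + "?" + urlencode({"code": code, "state": param(url, "state")})

    def token(self, code: str, code_verifier: str) -> str | None:
        challenge = self.codes.pop(code, None)  # single use, burned on any attempt
        if challenge is None or not secrets.compare_digest(s256(code_verifier), challenge):
            return None
        return "access-" + b64url(secrets.token_bytes(8))  # constructed token value


def verifier_candidates(state: str) -> list[str]:
    """What an attacker can try from a public state value: the raw string, plus a
    `verifier` field if it decodes as base64url JSON (other encodings would add candidates)."""
    cands = [state]
    try:
        obj = json.loads(base64.urlsafe_b64decode(state + "=" * (-len(state) % 4)))
        if isinstance(obj, dict) and isinstance(obj.get("verifier"), str):
            cands.append(obj["verifier"])
    except ValueError:  # not base64, not UTF-8, or not JSON
        pass
    return cands


def attacker_exchange(authorize_url: str, redirect_url: str, server: AuthServer) -> str | None:
    """Attacker who saw both front-channel URLs (extension, history, URL-scheme sniffing)
    checks each candidate against the public code_challenge, then redeems the code once."""
    challenge = param(authorize_url, "code_challenge")
    for cand in verifier_candidates(param(redirect_url, "state")):
        if s256(cand) == challenge:
            return server.token(param(redirect_url, "code"), cand)
    return None  # nothing in state hashes to the challenge; no token request is made


def demo() -> dict[str, bool]:
    """Run both client variants through the same server and record who got a token."""
    out: dict[str, bool] = {}
    for name, build in (("vulnerable", vulnerable_authorize_url), ("hardened", hardened_authorize_url)):
        server = AuthServer()
        verifier, challenge = make_pkce_pair()
        auth_url = build(verifier, challenge)
        redirect = server.authorize(auth_url)
        out[name + "_attacker_wins"] = attacker_exchange(auth_url, redirect, server) is not None
        if name == "hardened":
            out["hardened_client_ok"] = hardened_client_exchange(redirect, server) is not None
    return out


if __name__ == "__main__":
    print(demo())  # {'vulnerable_attacker_wins': True, 'hardened_attacker_wins': False, 'hardened_client_ok': True}
```

The server side is deliberately correct: it binds the code to the code_challenge and burns the code on the first token request. The only difference between the two runs is where the client put the verifier, which is the whole point of the advisory. The same `verifier_candidates` check can be pointed at any captured authorization URL during a review of an OAuth client: if anything derived from state hashes to the code_challenge in the same URL, the client is leaking its verifier.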

TL;DR

OpenClaw for macOS accidentally exposed the secret PKCE code_verifier in the public OAuth URL state parameter. This allowed attackers to intercept both the authorization code and the verifier, enabling full account takeover of connected Anthropic accounts. The feature was removed in the fix.


⚠️ Exploit Status: POC

Technical Details

  • Advisory ID: GHSA-6G25-PC82-VFWP (a GitHub Security Advisory identifier; no separate CVE number is given)
  • CVSS v3.1: 9.8 (Critical)
  • CWE ID: CWE-598 (Use of GET Request Method With Sensitive Query Strings)
  • Attack Vector: Network (AV:N), as scored in the advisory; note that the interception vectors described above (browser extensions, history sniffing, URL scheme monitoring) are largely local to the victim's machine
  • Impact: Information Exposure / Account Takeover
  • Remediation: Feature Removal

Affected Systems

  • OpenClaw macOS application, beta builds prior to 2026-02-25
  • Fixed in commit 8f33100 (2026-02-25); any build that does not include that commit is affected

Code Analysis

Commit: 8f33100

Remove Anthropic OAuth onboarding flow and vulnerable code

Deleted AnthropicOAuth.swift, AnthropicAuthControls.swift

Mitigation Strategies

  • Immediate update to the latest version of OpenClaw.
  • Revocation of any Anthropic API keys or OAuth tokens generated via the OpenClaw beta.
  • Review of application access logs for unusual IP addresses.

Remediation Steps:

  1. Update OpenClaw to the version including commit 8f33100 or later (released Feb 25, 2026).
  2. If you used the 'Connect Claude' feature in previous versions, log in to your Anthropic console and revoke all active sessions or API keys associated with OpenClaw.
  3. Re-authenticate using the new mechanism provided in the updated application (likely manual API key entry).

References

  • Full report for GHSA-6G25-PC82-VFWP on cvereports.com, including interactive diagrams and the full exploit analysis.
