Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

6 matches found

Github Security Blog
Github Security Blogadded 2026/04/03 9:31 p.m.5 views

Duplicate Advisory: OpenClaw: Gemini OAuth exposed the PKCE verifier through the OAuth state parameter

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-9jpj-g8vv-j5mf. This link is maintained to preserve external references. Original Description OpenClaw before 2026.4.2 reuses the PKCE verifier as the OAuth state parameter in the Gemini OAuth flow, exposing it...

6CVSS5.9AI score0.00036EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKBadded 2026/04/03 8:45 p.m.2 views

CVE-2026-34511

OpenClaw before 2026.4.2 reuses the PKCE verifier as the OAuth state parameter in the Gemini OAuth flow, exposing it through the redirect URL. Attackers who capture the redirect URL can obtain both the authorization code and PKCE verifier, defeating PKCE protection and enabling token redemption...

6CVSS6AI score0.00036EPSS
Exploits0References4
Vulnrichment
Vulnrichmentadded 2026/04/03 8:45 p.m.1 views

CVE-2026-34511 OpenClaw < 2026.4.2 - PKCE Verifier Exposure via OAuth State Parameter

OpenClaw before 2026.4.2 reuses the PKCE verifier as the OAuth state parameter in the Gemini OAuth flow, exposing it through the redirect URL. Attackers who capture the redirect URL can obtain both the authorization code and PKCE verifier, defeating PKCE protection and enabling token redemption...

6CVSS6AI score0.00036EPSS
Exploits0References3
Positive Technologies
Positive Technologiesadded 2026/04/01 12:0 a.m.1 views

PT-2026-29659

Summary All three OAuth service implementations GenericOAuthService, GithubOAuthService, GoogleOAuthService store PKCE verifiers and access tokens as mutable struct fields on singleton instances shared across all concurrent requests. When two users initiate OAuth login for the same provider...

7.7CVSS6AI score0.00025EPSS
Exploits1References6
Github Security Blog
Github Security Blogadded 2026/03/03 12:39 a.m.5 views

OpenClaw: macOS beta onboarding exposed PKCE verifier via OAuth state

Summary The affected surface is the OpenClaw macOS app onboarding flow, and the macOS app is currently in beta. In that beta onboarding flow, Anthropic OAuth used the PKCE codeverifier value as OAuth state, exposing that secret in front-channel URL state. Affected Packages / Versions - Package:...

5.9AI score
Exploits0References3Affected Software1
OSV
OSVadded 2026/03/03 12:39 a.m.1 views

GHSA-6G25-PC82-VFWP OpenClaw: macOS beta onboarding exposed PKCE verifier via OAuth state

Summary The affected surface is the OpenClaw macOS app onboarding flow, and the macOS app is currently in beta. In that beta onboarding flow, Anthropic OAuth used the PKCE codeverifier value as OAuth state, exposing that secret in front-channel URL state. Affected Packages / Versions - Package:...

5.1CVSS5.9AI score
Exploits0References3
Rows per page
Query Builder