Join the Cyber Forum: Threat Intel on May 12, 2026 to learn how AI is reshaping threat defense.Join the Virtual Cyber Forum: Threat IntelRegister Now
Experiencing a Breach?Blog
Get StartedContact Us
SentinelOne
  • Platform
    Platform Overview
    • Singularity Platform
      Welcome to Integrated Enterprise Security
    • AI for Security
      Leading the Way in AI-Powered Security Solutions
    • Securing AI
      Accelerate AI Adoption with Secure AI Tools, Apps, and Agents.
    • How It Works
      The Singularity XDR Difference
    • Singularity Marketplace
      One-Click Integrations to Unlock the Power of XDR
    • Pricing & Packaging
      Comparisons and Guidance at a Glance
    Data & AI
    • Purple AI
      Accelerate SecOps with Generative AI
    • Singularity Hyperautomation
      Easily Automate Security Processes
    • AI-SIEM
      The AI SIEM for the Autonomous SOC
    • AI Data Pipelines
      Security Data Pipeline for AI SIEM and Data Optimization
    • Singularity Data Lake
      AI-Powered, Unified Data Lake
    • Singularity Data Lake for Log Analytics
      Seamlessly Ingest Data from On-Prem, Cloud or Hybrid Environments
    Endpoint Security
    • Singularity Endpoint
      Autonomous Prevention, Detection, and Response
    • Singularity XDR
      Native & Open Protection, Detection, and Response
    • Singularity RemoteOps Forensics
      Orchestrate Forensics at Scale
    • Singularity Threat Intelligence
      Comprehensive Adversary Intelligence
    • Singularity Vulnerability Management
      Application & OS Vulnerability Management
    • Singularity Identity
      Identity Threat Detection and Response
    Cloud Security
    • Singularity Cloud Security
      Block Attacks with an AI-Powered CNAPP
    • Singularity Cloud Native Security
      Secure Cloud and Development Resources
    • Singularity Cloud Workload Security
      Real-Time Cloud Workload Protection Platform
    • Singularity Cloud Data Security
      AI-Powered Threat Detection for Cloud Storage
    • Singularity Cloud Security Posture Management
      Detect and Remediate Cloud Misconfigurations
    Securing AI
    • Prompt Security
      Secure AI Tools Across Your Enterprise
  • Why SentinelOne?
    Why SentinelOne?
    • Why SentinelOne?
      Cybersecurity Built for What’s Next
    • Our Customers
      Trusted by the World’s Leading Enterprises
    • Industry Recognition
      Tested and Proven by the Experts
    • About Us
      The Industry Leader in Autonomous Cybersecurity
    Compare SentinelOne
    • Arctic Wolf
    • Broadcom
    • CrowdStrike
    • Cybereason
    • Microsoft
    • Palo Alto Networks
    • Sophos
    • Splunk
    • Trellix
    • Trend Micro
    • Wiz
    Verticals
    • Energy
    • Federal Government
    • Finance
    • Healthcare
    • Higher Education
    • K-12 Education
    • Manufacturing
    • Retail
    • State and Local Government
  • Services
    Managed Services
    • Managed Services Overview
      Wayfinder Threat Detection & Response
    • Threat Hunting
      World-Class Expertise and Threat Intelligence
    • Managed Detection & Response
      24/7/365 Expert MDR Across Your Entire Environment
    • Incident Readiness & Response
      DFIR, Breach Readiness, & Compromise Assessments
    Support, Deployment, & Health
    • Technical Account Management
      Customer Success with Personalized Service
    • SentinelOne GO
      Guided Onboarding & Deployment Advisory
    • SentinelOne University
      Live and On-Demand Training
    • Services Overview
      Comprehensive Solutions for Seamless Security Operations
    • SentinelOne Community
      Community Login
  • Partners
    Our Network
    • MSSP Partners
      Succeed Faster with SentinelOne
    • Singularity Marketplace
      Extend the Power of S1 Technology
    • Cyber Risk Partners
      Enlist Pro Response and Advisory Teams
    • Technology Alliances
      Integrated, Enterprise-Scale Solutions
    • SentinelOne for AWS
      Hosted in AWS Regions Around the World
    • Channel Partners
      Deliver the Right Solutions, Together
    • SentinelOne for Google Cloud
      Unified, Autonomous Security Giving Defenders the Advantage at Global Scale
    • Partner Locator
      Your Go-to Source for Our Top Partners in Your Region
    Partner Portal→
  • Resources
    Resource Center
    • Case Studies
    • Data Sheets
    • eBooks
    • Reports
    • Videos
    • Webinars
    • Whitepapers
    • Events
    View All Resources→
    Blog
    • Feature Spotlight
    • For CISO/CIO
    • From the Front Lines
    • Identity
    • Cloud
    • macOS
    • SentinelOne Blog
    Blog→
    Tech Resources
    • SentinelLABS
    • Ransomware Anthology
    • Cybersecurity 101
  • About
    About SentinelOne
    • About SentinelOne
      The Industry Leader in Cybersecurity
    • Investor Relations
      Financial Information & Events
    • SentinelLABS
      Threat Research for the Modern Threat Hunter
    • Careers
      The Latest Job Opportunities
    • Press & News
      Company Announcements
    • Cybersecurity Blog
      The Latest Cybersecurity Threats, News, & More
    • FAQ
      Get Answers to Our Most Frequently Asked Questions
    • DataSet
      The Live Data Platform
    • S Foundation
      Securing a Safer Future for All
    • S Ventures
      Investing in the Next Generation of Security, Data and AI
  • Pricing
Get StartedContact Us
CVE Vulnerability Database
Vulnerability Database/CVE-2026-3691

CVE-2026-3691: OpenClaw Client Info Disclosure Flaw

CVE-2026-3691 is an information disclosure vulnerability in OpenClaw Client that exposes PKCE verifiers in OAuth flows, allowing attackers to access stored credentials. This article covers technical details, impact, and mitigation.

Published: April 17, 2026

CVE-2026-3691 Overview

CVE-2026-3691 is an information disclosure vulnerability in OpenClaw Client affecting the implementation of OAuth authorization with PKCE (Proof Key for Code Exchange). This vulnerability allows remote attackers to disclose stored credentials on affected installations of OpenClaw. The flaw exists within the OAuth authorization implementation, where sensitive data is improperly exposed in the authorization URL query string.

User interaction is required to exploit this vulnerability—specifically, the target must initiate an OAuth authorization flow. An attacker can leverage this vulnerability to disclose stored credentials, potentially leading to further compromise of user accounts and associated services.

Critical Impact

Remote attackers can intercept PKCE verifier values exposed in authorization URLs, enabling credential disclosure and potential account takeover when users initiate OAuth flows.

Affected Products

  • OpenClaw Client (versions not specified in advisory)

Discovery Timeline

  • 2026-04-11 - CVE-2026-3691 published to NVD
  • 2026-04-13 - Last updated in NVD database

Technical Details for CVE-2026-3691

Vulnerability Analysis

This vulnerability (tracked as ZDI-CAN-29381) stems from improper handling of sensitive OAuth parameters during the authorization flow. PKCE is a security extension to OAuth 2.0 designed to prevent authorization code interception attacks, particularly in public clients where the client secret cannot be stored securely.

The vulnerability allows attackers on the network path to capture the PKCE code verifier value when it is inappropriately exposed in the authorization URL query string. Under the PKCE specification (RFC 7636), the code verifier should never be transmitted directly—only the hashed code_challenge should be sent in the authorization request, with the original verifier only sent during the token exchange.

Root Cause

The root cause is classified as CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor). The OpenClaw client implementation incorrectly includes the PKCE code verifier in the authorization URL query parameters, rather than keeping it client-side until the token exchange phase. This violates the fundamental security property of PKCE by exposing the secret value that should protect the authorization code exchange.

Attack Vector

The attack vector is network-based with high complexity, requiring no privileges but necessitating user interaction. An attacker positioned to observe network traffic (such as through a man-in-the-middle position, malicious browser extension, or server-side logging) can capture the exposed PKCE verifier from the authorization URL.

The attack flow involves:

  1. User initiates OAuth authorization flow in OpenClaw client
  2. Client generates authorization URL with PKCE parameters
  3. Code verifier is incorrectly exposed in the URL query string
  4. Attacker intercepts the authorization request via network observation
  5. Attacker uses the captured verifier to complete the token exchange after obtaining the authorization code
  6. Stored credentials associated with the OAuth flow are disclosed

For technical implementation details, see the GitHub Security Advisory and Zero Day Initiative Advisory ZDI-26-229.

Detection Methods for CVE-2026-3691

Indicators of Compromise

  • Unusual authorization URL patterns containing code_verifier parameters in query strings
  • Multiple OAuth token exchange attempts from different IP addresses using the same authorization code
  • Evidence of credential access from unexpected locations following OAuth authentication events
  • Authorization server logs showing verifier values in request URLs rather than POST bodies

Detection Strategies

  • Monitor network traffic for OAuth authorization requests containing PKCE verifier values in URL parameters
  • Implement alerting on OAuth flows where the same authorization code is used with token exchange attempts from multiple sources
  • Review application logs for authorization URLs that inappropriately include sensitive cryptographic values
  • Deploy network intrusion detection rules to identify PKCE implementation violations in OAuth traffic

Monitoring Recommendations

  • Enable verbose logging on OAuth authorization servers to track authorization code usage patterns
  • Implement anomaly detection for OAuth token exchanges that occur from different network contexts than the original authorization
  • Configure SIEM rules to correlate OAuth authorization requests with subsequent credential access events
  • Monitor for signs of credential misuse following user-initiated OAuth flows in OpenClaw

How to Mitigate CVE-2026-3691

Immediate Actions Required

  • Review and update OpenClaw client installations to patched versions when available
  • Audit existing OAuth authorization flows for proper PKCE implementation
  • Implement network segmentation to limit exposure of OAuth traffic to potential attackers
  • Consider temporarily disabling PKCE-based authentication if a patch is not yet available and risk is unacceptable
  • Force re-authentication for users who may have been exposed to this vulnerability

Patch Information

Security patches and remediation guidance are available through the official security advisories. Administrators should consult the GitHub Security Advisory GHSA-6g25-pc82-vfwp for specific patch versions and update instructions. The vulnerability has also been documented by the Zero Day Initiative as ZDI-26-229.

Workarounds

  • Implement additional transport-layer security to protect OAuth flows from network observation
  • Deploy a reverse proxy or API gateway that strips sensitive parameters from authorization URLs before logging
  • Use network monitoring to detect and alert on improper PKCE parameter exposure
  • Consider implementing additional authentication factors to reduce impact of potential credential disclosure
  • Restrict OAuth scopes to minimize the impact of any credential compromise
bash
# Example: Audit OAuth authorization URLs in web server logs for exposed verifiers
grep -E "code_verifier=" /var/log/nginx/access.log | \
  awk '{print $1, $4, $7}' | \
  sort -u > potential_pkce_exposure.txt

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

  • Vulnerability Details
  • TypeInformation Disclosure
  • Vendor/TechOpenclaw
  • SeverityMEDIUM
  • CVSS Score5.3
  • EPSS Probability0.06%
  • Known ExploitedNo
  • CVSS Vector
  • CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
  • Impact Assessment
  • ConfidentialityHigh
  • IntegrityNone
  • AvailabilityNone
  • CWE References
  • CWE-200
  • Technical References
  • GitHub Security Advisory
  • Zero Day Initiative Advisory
  • Related CVEs
  • CVE-2026-40045: OpenClaw Information Disclosure Flaw
  • CVE-2026-41389: OpenClaw Information Disclosure Flaw
  • CVE-2026-35651: Openclaw Information Disclosure Flaw
  • CVE-2026-32982: Openclaw Information Disclosure Flaw
Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the World’s Most Advanced Cybersecurity Platform

See how our intelligent, autonomous cybersecurity platform can protect your organization now and into the future.

Try SentinelOne
  • Get Started
  • Get a Demo
  • Product Tour
  • Why SentinelOne
  • Pricing & Packaging
  • FAQ
  • Contact
  • Contact Us
  • Customer Support
  • SentinelOne Status
  • Language
  • Platform
  • Singularity Platform
  • Singularity Endpoint
  • Singularity Cloud
  • Singularity AI-SIEM
  • Singularity Identity
  • Singularity Marketplace
  • Purple AI
  • Services
  • Wayfinder TDR
  • SentinelOne GO
  • Technical Account Management
  • Support Services
  • Verticals
  • Energy
  • Federal Government
  • Finance
  • Healthcare
  • Higher Education
  • K-12 Education
  • Manufacturing
  • Retail
  • State and Local Government
  • Cybersecurity for SMB
  • Resources
  • Blog
  • Labs
  • Case Studies
  • Videos
  • Product Tours
  • Events
  • Cybersecurity 101
  • eBooks
  • Webinars
  • Whitepapers
  • Press
  • News
  • Ransomware Anthology
  • Company
  • About Us
  • Our Customers
  • Careers
  • Partners
  • Legal & Compliance
  • Security & Compliance
  • Investor Relations
  • S Foundation
  • S Ventures

©2026 SentinelOne, All Rights Reserved.

Privacy Notice Terms of Use

English