Information Disclosure Vulnerability in OpenClaw Client by OpenClaw
CVE-2026-3691

5.3 MEDIUM

Key Information:

Vendor

Openclaw

Status
Vendor
CVE Published: 11 April 2026

What is CVE-2026-3691?

The OpenClaw Client is susceptible to an information disclosure vulnerability in its OAuth authorization process. The flaw allows remote attackers to potentially expose stored credentials by manipulating the authorization URL query string. Exploitation requires user interaction: the victim must initiate an OAuth authorization flow. If exploited, the vulnerability could lead to a significant compromise of user data and credentials, so affected installations need immediate remediation.

Affected Version(s)

OpenClaw 2026.2.21

CVSS V3.0

Score: 5.3
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
