GHSA-9JPJ-G8VV-J5MF: CVE-2026-34511: PKCE Verifier Exposure via OAuth State Parameter in OpenClaw

via Dev.to, CVE Reports

Vulnerability ID: GHSA-9JPJ-G8VV-J5MF
CVSS Score: 6.0
Published: 2026-04-04

OpenClaw versions prior to 2026.4.2 contain a security parameter isolation violation in the Gemini OAuth flow. The application incorrectly reuses the PKCE code_verifier as the value for the OAuth state parameter, exposing the secret verifier in plaintext via the redirect URI and defeating PKCE protections.

TL;DR

The OpenClaw Gemini extension leaks the PKCE code_verifier by assigning it to the OAuth state parameter. Attackers who intercept the redirect URI can perform an authorization code exchange and obtain user access tokens.

⚠️ Exploit Status: POC

Technical Details

CWE ID: CWE-1259, CWE-330, CWE-200
Attack Vector: Network
CVSS v4.0 Score: 6.0
CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
Impact: High Confidentiality
Exploit Status: poc
KEV Status: Not Listed

Affected Systems

OpenClaw Google/Gemini Extension O
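As an added illustration (not code from OpenClaw or from the advisory), the bug pattern beside its hardened form in Python: the vulnerable builder reuses the PKCE verifier as state, so the provider echoes the secret back in the redirect URI, while the fixed builder uses an independent random state and keeps the verifier in a local pending map keyed by state. The endpoint, client id and redirect URI are constructed placeholders.

```python
import base64
import hashlib
import secrets
from typing import Dict, Optional
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed placeholders; not OpenClaw's real endpoints or client settings.
AUTHORIZE_URL = "https://auth.example.test/authorize"
CLIENT_ID = "client-id-placeholder"
REDIRECT_URI = "http://localhost:8080/callback"

def make_pkce_pair():
    """RFC 7636: fresh random code_verifier and its S256 code_challenge."""
    verifier = secrets.token_urlsafe(64)  # 86 URL-safe chars, within 43..128
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")
    return verifier, challenge

def _base_params(challenge: str) -> Dict[str, str]:
    return {"client_id": CLIENT_ID, "redirect_uri": REDIRECT_URI,
            "response_type": "code", "code_challenge": challenge,
            "code_challenge_method": "S256"}

def authorize_url_vulnerable(verifier: str, challenge: str) -> str:
    """Bug pattern from the advisory: the secret verifier doubles as `state`,
    so the provider echoes it back in the redirect URI query string."""
    return f"{AUTHORIZE_URL}?{urlencode({**_base_params(challenge), 'state': verifier})}"

def authorize_url_fixed(verifier: str, challenge: str, pending: Dict[str, str]) -> str:
    """Hardened: `state` is an independent random token; the verifier never
    leaves the client and waits in `pending`, keyed by state, for the callback."""
    state = secrets.token_urlsafe(32)
    pending[state] = verifier
    return f"{AUTHORIZE_URL}?{urlencode({**_base_params(challenge), 'state': state})}"

def state_of(url: str) -> Optional[str]:
    """Return the `state` query parameter of a URL, if present."""
    return parse_qs(urlparse(url).query).get("state", [None])[0]

def callback_verifier(redirect_url: str, pending: Dict[str, str]) -> Optional[str]:
    """On the callback, look the verifier up locally by state (single use);
    an unknown or replayed state yields None and the code exchange is refused."""
    state = state_of(redirect_url)
    return pending.pop(state, None) if state else None

def verifier_leaks_in_url(url: str, verifier: str) -> bool:
    """Check: does the secret verifier appear in any query parameter of `url`?"""
    params = parse_qs(urlparse(url).query)
    return any(verifier in value for values in params.values() for value in values)
```

The leak check can be pointed at the authorize URL or at a captured callback URL; in the fixed flow it returns False for both.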
