CVE-2026-28477
Published
CVSS v3
7.1
HIGH
CVSS v2
N/A
Affected
1
PROJECT
Description
OpenClaw versions prior to 2026.2.14 contain an oauth state validation bypass vulnerability in the manual Chutes login flow that allows attackers to bypass CSRF protection. An attacker can convince a user to paste attacker-controlled OAuth callback data, enabling credential substitution and token persistence for unauthorized accounts.
Your own personal AI assistant. Any OS. Any Platform. The lobster way. 🦞
GitHub