OpenClaw macOS Beta Onboarding Exposes Sensitive Data

GHSA-6g25-pc82-vfwp
Summary

The OpenClaw macOS beta app's onboarding process exposes sensitive information, which could be used by an attacker to gain unauthorized access. Affected users should update to the latest version of the app, which has fixed this issue. This issue only affects users who are using the beta version of the app and have not yet set up their account through the app.

What to do
  • Update openclaw to version 2026.2.25.
Affected software

| Vendor | Product | Affected versions | Fix available |
| --- | --- | --- | --- |
| – | openclaw | <= 2026.2.24 | 2026.2.25 |
Original title
OpenClaw: macOS beta onboarding exposed PKCE verifier via OAuth state
Original description
### Summary

The affected surface is the OpenClaw macOS app onboarding flow, and the macOS app is currently in **beta**.
In that beta onboarding flow, Anthropic OAuth used the PKCE `code_verifier` value as OAuth `state`, exposing that secret in front-channel URL state.

### Affected Packages / Versions

- Package: `openclaw` (npm)
- Affected versions: `<= 2026.2.24` (latest published npm at triage time)
- Affected surface: macOS app beta onboarding path (`apps/macos`)
- Not affected: core CLI/gateway onboarding paths
- Patched version: `2026.2.25`

### Impact

Scope is limited to the macOS beta onboarding OAuth path. Exploitation required obtaining both OAuth authorization artifacts and exposed `state` values during that flow.

### Remediation

OpenClaw removed Anthropic OAuth sign-in from macOS onboarding and now supports setup-token-only Anthropic subscription auth in this path.

### Fix Commit(s)

- `8f3310000a8b0c11eced054c2cdb6fb27803511a`

### Release Process Note

`patched_versions` is pre-set to the release (`2026.2.25`).
This advisory is published together with the npm release `2026.2.25`.

OpenClaw thanks @zdi-disclosures for reporting.
Source: GHSA · CVSS 4.0 score: 5.1
Vulnerability type
CWE-200 Information Exposure
Published: 3 Mar 2026 · Updated: 7 Mar 2026 · First seen: 6 Mar 2026