5.1
OpenClaw Chutes OAuth Login Can Be Hijacked by Malicious URLs
CVE-2026-28477
GHSA-7rcp-mxpq-72pj
Summary
When OpenClaw's Chutes integration is used with the manual OAuth login flow, an attacker could trick a user into pasting attacker-supplied login callback data. This could allow an attacker to access a user's Chutes account instead of the intended one. Update to the latest version of OpenClaw to fix this issue.
What to do
- Update steipete openclaw to version 2026.2.14.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| steipete | openclaw | <= 2026.2.14 | 2026.2.14 |
Original title
OpenClaw Chutes manual OAuth state validation bypass can cause credential substitution
Original description
## Summary
The manual Chutes OAuth login flow could accept attacker-controlled callback input in a way that bypassed OAuth CSRF state validation, potentially resulting in credential substitution.
## Impact
If an attacker can convince a user to paste attacker-provided OAuth callback data during the manual login prompt, OpenClaw may exchange an attacker-obtained authorization code and persist tokens for the wrong Chutes account.
The automatic local callback flow is not affected (it validates state in the local HTTP callback handler).
## Affected Packages / Versions
- `openclaw` (npm): `<= 2026.2.13` when using the manual Chutes OAuth login flow.
## Fix
The manual flow now requires the full redirect URL (must include `code` and `state`), validates the returned `state` against the expected value, and rejects code-only pastes.
## Fix Commit(s)
- a99ad11a4107ba8eac58f54a3c1a8a0cf5686f47
Thanks @aether-ai-agent for reporting.
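The fix described above requires the full redirect URL, checks that it carries both `code` and `state`, and rejects a code-only paste. The validator below is an added example of those checks, not code from the OpenClaw project; the function names, the hypothetical `http://127.0.0.1:1455/callback` redirect URI and the sample pastes are constructed for illustration.

```javascript
// Added example (not OpenClaw's own code): validate what a user pastes at a
// manual OAuth login prompt so a code minted by someone else's login attempt
// is never exchanged for tokens. All names below are hypothetical.

// Constant-time string comparison so a mismatched state does not leak how many
// leading characters matched. In production prefer crypto.timingSafeEqual.
function statesMatch(actual, expected) {
  if (actual.length !== expected.length) return false;
  let diff = 0;
  for (let i = 0; i < actual.length; i++) {
    diff |= actual.charCodeAt(i) ^ expected.charCodeAt(i);
  }
  return diff === 0;
}

// `pasted` is the raw text from the prompt; `expectedState` is the random state
// this client generated when it built the authorization URL for this session.
// Returns { ok: true, code } or { ok: false, reason }.
function parseManualCallback(pasted, expectedState) {
  let url;
  try {
    url = new URL(pasted.trim());
  } catch {
    // A bare authorization code (or anything that is not a URL) is rejected:
    // without the full redirect URL there is no state to bind the code to.
    return { ok: false, reason: "expected the full redirect URL, not a code-only paste" };
  }
  const code = url.searchParams.get("code");
  const state = url.searchParams.get("state");
  if (!code) return { ok: false, reason: "redirect URL is missing the code parameter" };
  if (!state) return { ok: false, reason: "redirect URL is missing the state parameter" };
  if (!statesMatch(state, expectedState)) {
    // State from a different login attempt: exchanging this code would persist
    // tokens for the wrong account, which is the substitution the advisory describes.
    return { ok: false, reason: "state does not match this login attempt" };
  }
  return { ok: true, code };
}

// Constructed sample pastes against a hypothetical session state.
const SESSION_STATE = "st-7f3c9a";
const SAMPLE_PASTES = {
  codeOnly: "abc123",
  wrongState: "http://127.0.0.1:1455/callback?code=abc123&state=st-other",
  missingState: "http://127.0.0.1:1455/callback?code=abc123",
  valid: "http://127.0.0.1:1455/callback?code=abc123&state=st-7f3c9a",
};
```

Only the `valid` paste yields `{ ok: true, code: "abc123" }`; the other three are rejected before any token exchange.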
nvd CVSS3.1
7.1
nvd CVSS4.0
5.9
Vulnerability type
CWE-352
Cross-Site Request Forgery (CSRF)
References
- https://github.com/openclaw/openclaw/releases/tag/v2026.2.14
- https://nvd.nist.gov/vuln/detail/CVE-2026-28477
- https://github.com/advisories/GHSA-7rcp-mxpq-72pj
- https://github.com/openclaw/openclaw/commit/a99ad11a4107ba8eac58f54a3c1a8a0cf568...
- https://github.com/openclaw/openclaw/security/advisories/GHSA-7rcp-mxpq-72pj
- https://www.vulncheck.com/advisories/openclaw-oauth-state-validation-bypass-in-m...
Published: 18 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026