GHSA-7RCP-MXPQ-72PJ
Vulnerability from github – Published: 2026-02-18 17:41 – Updated: 2026-02-18 17:41
VLAI?
Summary
OpenClaw Chutes manual OAuth state validation bypass can cause credential substitution
Details
Summary
The manual Chutes OAuth login flow could accept attacker-controlled callback input in a way that bypassed OAuth CSRF state validation, potentially resulting in credential substitution.
Impact
If an attacker can convince a user to paste attacker-provided OAuth callback data during the manual login prompt, OpenClaw may exchange an attacker-obtained authorization code and persist tokens for the wrong Chutes account.
The automatic local callback flow is not affected (it validates state in the local HTTP callback handler).
Affected Packages / Versions
openclaw(npm):<= 2026.2.13when using the manual Chutes OAuth login flow.
Fix
The manual flow now requires the full redirect URL (must include code and state), validates the returned state against the expected value, and rejects code-only pastes.
Fix Commit(s)
- a99ad11a4107ba8eac58f54a3c1a8a0cf5686f47
Thanks @aether-ai-agent for reporting.
Severity ?
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "openclaw"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2026.2.14"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-352"
],
"github_reviewed": true,
"github_reviewed_at": "2026-02-18T17:41:00Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "## Summary\n\nThe manual Chutes OAuth login flow could accept attacker-controlled callback input in a way that bypassed OAuth CSRF state validation, potentially resulting in credential substitution.\n\n## Impact\n\nIf an attacker can convince a user to paste attacker-provided OAuth callback data during the manual login prompt, OpenClaw may exchange an attacker-obtained authorization code and persist tokens for the wrong Chutes account.\n\nThe automatic local callback flow is not affected (it validates state in the local HTTP callback handler).\n\n## Affected Packages / Versions\n\n- `openclaw` (npm): `\u003c= 2026.2.13` when using the manual Chutes OAuth login flow.\n\n## Fix\n\nThe manual flow now requires the full redirect URL (must include `code` and `state`), validates the returned `state` against the expected value, and rejects code-only pastes.\n\n## Fix Commit(s)\n\n- a99ad11a4107ba8eac58f54a3c1a8a0cf5686f47\n\nThanks @aether-ai-agent for reporting.",
"id": "GHSA-7rcp-mxpq-72pj",
"modified": "2026-02-18T17:41:00Z",
"published": "2026-02-18T17:41:00Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-7rcp-mxpq-72pj"
},
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/commit/a99ad11a4107ba8eac58f54a3c1a8a0cf5686f47"
},
{
"type": "PACKAGE",
"url": "https://github.com/openclaw/openclaw"
},
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/releases/tag/v2026.2.14"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "OpenClaw Chutes manual OAuth state validation bypass can cause credential substitution"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…