Information disclosure in Openclaw
CVE-2026-3691
OpenClaw Client PKCE Verifier Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose stored credentials on affected installations of OpenClaw. User interaction is required to exploit this vulnerability…
Vulnerability class: Information Disclosure
EPSS: 0.001 (22.8th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N.
Affected products
- Openclaw — versions 2026.2.21
Weakness classification (CWE)
References
- ZDI-26-229 (x_research-advisory)
- vendor-provided URL (vendor-advisory)
Frequently asked questions
- What is CVE-2026-3691?
- CVE-2026-3691 is a medium-severity vulnerability in Openclaw, classified under Information Disclosure. CVSS score: 5.3/10. Published 2026-04-11.
- How severe is CVE-2026-3691?
- Medium severity. CVSS v3 base score is 5.3 out of 10.