VDB
KO
MEDIUM

GHSA-6g25-pc82-vfwp

OpenClaw: macOS beta onboarding exposed PKCE verifier via OAuth state

Details

### Summary

The affected surface is the OpenClaw macOS app onboarding flow, and the macOS app is currently in **beta**. In that beta onboarding flow, Anthropic OAuth used the PKCE `code_verifier` value as OAuth `state`, exposing that secret in front-channel URL state.

### Affected Packages / Versions

- Package: `openclaw` (npm) - Affected versions: `<= 2026.2.24` (latest published npm at triage time) - Affected surface: macOS app beta onboarding path (`apps/macos`) - Not affected: core CLI/gateway onboarding paths - Patched version : `2026.2.25`

### Impact

Scope is limited to the macOS beta onboarding OAuth path. Exploitation required obtaining both OAuth authorization artifacts and exposed `state` values during that flow.

### Remediation

OpenClaw removed Anthropic OAuth sign-in from macOS onboarding and now supports setup-token-only Anthropic subscription auth in this path.

### Fix Commit(s)

- `8f3310000a8b0c11eced054c2cdb6fb27803511a`

### Release Process Note

`patched_versions` is pre-set to the release (`2026.2.25`). Advisory published with npm release `2026.2.25`.2.25` is published, this advisory is published.

OpenClaw thanks @zdi-disclosures for reporting.

Are you affected?

Enter the version of the package you're using.

Affected packages

npm / openclaw
Introduced in: 0 Fixed in: 2026.2.25
Fix npm install openclaw@2026.2.25

References