CVE-2026-3691

Name of the Vulnerable Software and Affected Versions OpenClaw (affected versions not specified)

Description An issue exists in OpenClaw that allows remote attackers to disclose stored credentials. User interaction is required, specifically the target must initiate an OAuth authorization flow. The flaw is due to the exposure of sensitive data in the authorization URL query string, potentially leading to further compromise.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.