ZDI-26-229
MEDIUM 5.3
Published: Mar 30, 2026
OpenClaw Client PKCE Verifier Information Disclosure Vulnerability
OpenClaw
OpenClaw contains a credential disclosure vulnerability (CVE-2026-3691) that allows remote attackers to access stored credentials when a user initiates an OAuth authorization flow. The vulnerability has a CVSS score of 5.3 and requires user interaction to exploit. Security teams should prioritize patching OpenClaw installations and educating users about risks when authorizing OAuth flows from untrusted sources.
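The verifier named in this advisory's title is the client-side PKCE secret from RFC 7636, which must stay with the client until the token exchange; a party that obtains both it and the authorization code can redeem the code. The Python below is an added example, not OpenClaw code, and makes no claim about the mechanism of CVE-2026-3691 (the issuer URL, client id and redirect URI are hypothetical); it derives the S256 challenge, shows that the authorization server's token-endpoint check is satisfied only by the verifier, and audits client-emitted artifacts for accidental verifier exposure.

```python
import base64
import hashlib
import secrets
from urllib.parse import urlencode


def b64url(data: bytes) -> str:
    # Base64url without padding, as RFC 7636 requires.
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def challenge_from_verifier(verifier: str) -> str:
    # S256 method: code_challenge = BASE64URL(SHA256(ASCII(code_verifier))).
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())


def make_pkce_pair(nbytes: int = 32) -> tuple[str, str]:
    # The verifier is a fresh client-side secret; only the challenge leaves the
    # client before the token exchange, so a disclosed verifier defeats PKCE.
    verifier = b64url(secrets.token_bytes(nbytes))  # 43 unreserved characters
    return verifier, challenge_from_verifier(verifier)


def build_authorize_url(base: str, client_id: str, redirect_uri: str,
                        challenge: str, state: str) -> str:
    # Front-channel request: carries the challenge, never the verifier.
    params = {"response_type": "code", "client_id": client_id,
              "redirect_uri": redirect_uri, "state": state,
              "code_challenge": challenge, "code_challenge_method": "S256"}
    return f"{base}?{urlencode(params)}"


def server_accepts(stored_challenge: str, presented_verifier: str) -> bool:
    # Token-endpoint check performed by the authorization server: knowing the
    # challenge alone cannot satisfy it, knowing the verifier can.
    return secrets.compare_digest(challenge_from_verifier(presented_verifier),
                                  stored_challenge)


def verifier_exposed(artifact: str, verifier: str) -> bool:
    # Defensive audit for anything the client emits before the token request
    # (authorization URL, log line, error report): the verifier must not appear.
    return verifier in artifact


if __name__ == "__main__":
    verifier, challenge = make_pkce_pair()
    url = build_authorize_url("https://issuer.example/authorize",  # hypothetical issuer
                              "demo-client", "http://127.0.0.1:8400/cb",
                              challenge, secrets.token_urlsafe(16))
    assert not verifier_exposed(url, verifier)
    assert server_accepts(challenge, verifier) and not server_accepts(challenge, challenge)
    bad_log = f"oauth: redirecting, code_verifier={verifier}"  # constructed leaky log line
    print("verifier leaked into log:", verifier_exposed(bad_log, verifier))
```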