Impact
OpenClaw versions earlier than 2026.4.2 mistakenly reuse the PKCE code verifier as the OAuth state parameter during the Gemini OAuth flow. Because the authorization server echoes the state parameter back in the redirect URL, the verifier is exposed there, so an attacker who captures the redirect obtains both the authorization code and the PKCE verifier. With these two values, the attacker can bypass PKCE protection and redeem an access token. The weakness is a form of improper cryptographic usage identified by CWE‑330.
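To make the flaw concrete, the following is an added example (not OpenClaw's own code) that builds a PKCE-protected authorization URL in the flawed way described above, beside the corrected form with an independent state nonce, and includes an audit check a reviewer could run against any generated authorization URL. The endpoint, client id and redirect URI are placeholders.

```python
import base64
import hashlib
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Placeholder endpoint; the real Gemini OAuth endpoints are not part of this example.
AUTHORIZE_ENDPOINT = "https://auth.example.invalid/o/oauth2/v2/auth"


def b64url(data: bytes) -> str:
    """Base64url without padding, as RFC 7636 requires for PKCE values."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def make_pkce_pair() -> tuple:
    """Return (code_verifier, code_challenge) using the S256 method."""
    verifier = b64url(secrets.token_bytes(32))
    challenge = b64url(hashlib.sha256(verifier.encode("ascii")).digest())
    return verifier, challenge


def build_authorize_url(client_id: str, redirect_uri: str, challenge: str, state: str) -> str:
    params = {
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "response_type": "code",
        "code_challenge": challenge,
        "code_challenge_method": "S256",
        "state": state,
    }
    return AUTHORIZE_ENDPOINT + "?" + urlencode(params)


def vulnerable_flow(client_id: str, redirect_uri: str) -> tuple:
    """Flawed pattern from the advisory: the verifier doubles as the state parameter."""
    verifier, challenge = make_pkce_pair()
    return verifier, build_authorize_url(client_id, redirect_uri, challenge, state=verifier)


def fixed_flow(client_id: str, redirect_uri: str) -> tuple:
    """Corrected pattern: state is a separate random nonce, unrelated to the verifier."""
    verifier, challenge = make_pkce_pair()
    state = b64url(secrets.token_bytes(16))
    return verifier, build_authorize_url(client_id, redirect_uri, challenge, state)


def state_of(authorize_url: str) -> str:
    return parse_qs(urlparse(authorize_url).query)["state"][0]


def state_reveals_verifier(authorize_url: str) -> bool:
    """Audit check: the state value is echoed back in the redirect URL, so if it satisfies
    the S256 challenge, anyone who sees the redirect also holds the PKCE verifier."""
    qs = parse_qs(urlparse(authorize_url).query)
    return b64url(hashlib.sha256(qs["state"][0].encode("ascii")).digest()) == qs["code_challenge"][0]
```

Running the audit over the URL produced by the flawed flow returns True; the corrected flow returns False because no value in the URL is derivable into the verifier.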
Affected Systems
The vulnerability impacts OpenClaw software releases before 2026.4.2 that implement the Gemini OAuth flow. All installations of OpenClaw using these versions are susceptible because the PKCE verifier is treated as the state parameter during authentication.
Risk and Exploitability
The CVSS score of 6 denotes moderate severity, and the absence of an EPSS score or KEV listing indicates that no publicly known exploits have been documented yet. Exploitation requires the attacker to intercept the OAuth redirect URL, which can happen through network sniffing, a compromised client device, or redirected traffic. No elevated privileges on the OpenClaw server are needed, so the attack is relatively straightforward once the redirect is captured. Because the attacker ends up with a valid access token, the potential impact on confidentiality, integrity, and availability is significant if that token is used to reach protected resources.
OpenCVE Enrichment