Dev.to, 1 min read


CVE-2026-34511: PKCE Verifier Exposure via OAuth State Parameter in OpenClaw

Vulnerability ID: GHSA-9JPJ-G8VV-J5MF
CVSS Score: 6.0
Published: 2026-04-04

OpenClaw versions prior to 2026.4.2 contain a security parameter isolation violation in the Gemini OAuth flow. The application incorrectly reuses the PKCE code_verifier as the value for the OAuth state parameter, exposing the secret verifier in plaintext via the redirect URI and defeating PKCE protections.

TL;DR

The OpenClaw Gemini extension lea
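To make the flaw concrete, the following added example (not OpenClaw's code, and not from the advisory) builds an authorization request the flawed way (state = code_verifier) beside the corrected way (independent random state), and adds a check a reviewer can run on any captured authorization URL: if S256(state) equals the code_challenge in the same request, the state parameter is the PKCE verifier. The endpoint, client id and redirect URI are constructed placeholders.

```python
import base64
import hashlib
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed placeholder values; not taken from the advisory or from OpenClaw.
AUTH_ENDPOINT = "https://auth.example/o/oauth2/v2/auth"
CLIENT_ID = "example-client-id"
REDIRECT_URI = "http://localhost:8085/oauth2callback"


def b64url(raw: bytes) -> str:
    """Unpadded base64url, as RFC 7636 requires for verifier and challenge."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def make_pkce_pair() -> tuple[str, str]:
    """A random code_verifier (43 chars) and its S256 code_challenge."""
    verifier = b64url(secrets.token_bytes(32))
    challenge = b64url(hashlib.sha256(verifier.encode("ascii")).digest())
    return verifier, challenge


def authorize_url_flawed(verifier: str, challenge: str) -> str:
    """The pattern the advisory describes: the secret verifier doubles as state,
    so it is sent in the request and echoed back in the redirect URI."""
    query = {"response_type": "code", "client_id": CLIENT_ID, "redirect_uri": REDIRECT_URI,
             "code_challenge": challenge, "code_challenge_method": "S256", "state": verifier}
    return f"{AUTH_ENDPOINT}?{urlencode(query)}"


def authorize_url_fixed(challenge: str) -> tuple[str, str]:
    """Corrected form: state is an independent random value bound to the session;
    the verifier stays on the client until the token request."""
    state = b64url(secrets.token_bytes(16))
    query = {"response_type": "code", "client_id": CLIENT_ID, "redirect_uri": REDIRECT_URI,
             "code_challenge": challenge, "code_challenge_method": "S256", "state": state}
    return f"{AUTH_ENDPOINT}?{urlencode(query)}", state


def state_is_verifier(url: str) -> bool:
    """Detection: S256(state) == code_challenge means state *is* the verifier.
    Needs only the authorization URL, not knowledge of the verifier itself."""
    params = parse_qs(urlsplit(url).query)
    states = params.get("state", [])
    challenges = params.get("code_challenge", [])
    if not states or not challenges:
        return False
    derived = b64url(hashlib.sha256(states[0].encode("ascii")).digest())
    return derived == challenges[0]
```

The same check applies to the redirect URI the callback receives: a state value that hashes to the stored code_challenge is the verifier travelling in plaintext.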