GHSA-7RCP-MXPQ-72PJ: OpenClaw Chutes: The 'Trust Me Bro' OAuth State Bypass


Vulnerability ID: GHSA-7RCP-MXPQ-72PJ
CVSS Score: 4.3
Published: 2026-02-18

A logic flaw in OpenClaw's manual OAuth input parsing allowed attackers to bypass state validation by simply providing a bare authorization code. The application helpfully, but insecurely, assumed that any non-URL input was a valid code and automatically attached the expected session state to it, enabling credential substitution attacks.

TL;DR

OpenClaw tried to make manual OAuth easy by letting users paste just the authorization code instead of the full redirect URL. In doing so it broke its own CSRF protection: a bare code was accepted without a state value, and the app filled in the state it was expecting, so the check could never fail. An attacker who gets a victim to paste an attacker-supplied code can therefore bind the victim's session to the attacker's account.


⚠️ Exploit Status: PoC

Technical Details

  • CWE: CWE-352 (CSRF)
  • Attack Vector: Network / Social Engineering
  • CVSS: 4.3 (Medium)
  • Impact: Credential Substitution
  • Exploit Status: PoC Available
  • Patch: v2026.2.14

Affected Systems

  • OpenClaw Chutes (npm package)
  • OpenClaw CLI Agent
  • openclaw: < 2026.2.14 (Fixed in: 2026.2.14)

Code Analysis

Commit: a99ad11

Remove permissive regex fallback and enforce strict state validation

- if (!/\s/.test(trimmed) && !trimmed.includes("://") && trimmed.length > 0) {
-   return { code: trimmed, state: expectedState };
- }
+ if (!trimmed.includes("?") && !trimmed.includes("=")) {
+   return { error: "Paste the full redirect URL (must include code + state)." };
+ }
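Review bot: the new guard only rejects inputs that contain neither `?` nor `=`, so it is a usability gate rather than the state check itself: an input such as `code=abc`, or a URL carrying a `code` parameter but no `state`, still passes it. Since the removed branch is what used to copy `expectedState` into the parsed result, the code that runs after this guard must be the place where `code` and `state` are parsed from the pasted URL, a missing `state` is rejected, and the value is compared against `expectedState` (ideally with a fixed-time comparison) before the code is used; that comparison is not visible in this hunk and should be confirmed or included. The error text also promises more than the check enforces: it asks for the full redirect URL, but any string containing `=` is let through.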

Exploit Details

  • Internal: Theoretical flow demonstrated by reporter @aether-ai-agent

Mitigation Strategies

  • Disable 'fuzzy' input parsing for security-critical tokens.
  • Enforce strict 1:1 validation of OAuth state parameters.
  • Update UI text to discourage pasting partial credentials.

Remediation Steps:

  1. Upgrade openclaw to version v2026.2.14 or later.
  2. Review any custom OAuth integration scripts to ensure they handle full URL callbacks.
