Cyber Resilience

CVE-2026-28477

Severity: Medium · Public PoC

Published: 05 March 2026
Modified: 17 March 2026
KEV Added: (not listed)
Patch: (see advisory links below)
CVSS v4.0 score: 5.9 (vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS score: 0.0002 (6.1th percentile)
Risk priority: 12 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-28477 is a medium-severity CSRF (CWE-352) vulnerability in OpenClaw (vendor: Openclaw, product: Openclaw). Its CVSS v4.0 base score is 5.9 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked at the 6.1th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2026-28477 is an OAuth state validation bypass vulnerability affecting OpenClaw versions prior to 2026.2.14, specifically in the manual Chutes login flow. Because the flow does not properly validate the OAuth state parameter, attackers can circumvent its CSRF protection (CWE-352). Published on 2026-03-05, it carries a CVSS v3.1 base score of 7.1 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N), indicating a high confidentiality impact with low attack complexity and user interaction required.

Remote attackers need no privileges; exploitation consists of convincing a victim to paste attacker-controlled OAuth callback data into the login flow. A successful attack enables credential substitution, where the attacker's account credentials replace the user's, and token persistence that grants unauthorized access to the victim's session or resources.

Advisories recommend upgrading to OpenClaw 2026.2.14 or later, which addresses the issue via a commit at https://github.com/openclaw/openclaw/commit/a99ad11a4107ba8eac58f54a3c1a8a0cf5686f47. Further details on the vulnerability and remediation are provided in the GitHub security advisory at https://github.com/openclaw/openclaw/security/advisories/GHSA-7rcp-mxpq-72pj and the VulnCheck advisory at https://www.vulncheck.com/advisories/openclaw-oauth-state-validation-bypass-in-manual-chutes-login-flow.
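As an added example (not OpenClaw's own code; the authorize endpoint, redirect URI, client id and TTL are hypothetical), a manual paste-the-callback OAuth flow that binds pasted callback data to a login this client actually started, which is the state check whose absence enables the credential substitution described above:

```python
import secrets
import time
from urllib.parse import urlparse, parse_qs, urlencode

# Hypothetical values; not OpenClaw's real endpoints or client id.
AUTHORIZE_URL = "https://auth.example.invalid/oauth/authorize"
REDIRECT_URI = "http://localhost:1455/callback"
STATE_TTL_SECONDS = 300


class ManualOAuthLogin:
    """Manual (paste-the-callback) OAuth login with state binding."""

    def __init__(self):
        # state -> expiry timestamp, one entry per login this client started
        self._pending = {}

    def begin_login(self, now=None):
        """Mint an unguessable state, remember it, and return the authorize URL."""
        now = time.time() if now is None else now
        state = secrets.token_urlsafe(32)
        self._pending[state] = now + STATE_TTL_SECONDS
        query = urlencode({"response_type": "code", "client_id": "example-client",
                           "redirect_uri": REDIRECT_URI, "state": state})
        return f"{AUTHORIZE_URL}?{query}", state

    def complete_login(self, pasted_callback, now=None):
        """Accept pasted callback data only if its state matches a login we started.

        Skipping this check is the bug class at issue: callback data minted for an
        attacker's account would be accepted and the attacker's credentials would be
        substituted into the victim's session.
        """
        now = time.time() if now is None else now
        params = parse_qs(urlparse(pasted_callback).query)
        state = params.get("state", [None])[0]
        code = params.get("code", [None])[0]
        if not state or not code:
            raise ValueError("callback is missing state or code")
        # compare_digest keeps each per-state comparison free of timing leaks
        match = next((s for s in self._pending
                      if secrets.compare_digest(s.encode(), state.encode())), None)
        if match is None:
            raise ValueError("state does not match any login started by this client")
        expiry = self._pending.pop(match)  # single use: consumed even if expired
        if now > expiry:
            raise ValueError("state has expired; start the login again")
        return code
```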

Vulnerability details

OpenClaw versions prior to 2026.2.14 contain an OAuth state validation bypass vulnerability in the manual Chutes login flow that allows attackers to bypass CSRF protection. An attacker can convince a user to paste attacker-controlled OAuth callback data, enabling credential substitution and token persistence for unauthorized accounts.

CWE(s)

CWE-352: Cross-Site Request Forgery (CSRF)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-generated mapping)

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1078 Valid Accounts (Stealth)
Adversaries may obtain and abuse credentials of existing accounts as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion.
Why these techniques?

The OAuth state bypass sits in the login flow of a public-facing web application, so it is exploitable remotely (T1190); the resulting credential substitution gives the attacker unauthorized session and resource access through what looks like a valid account (T1078).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-32034 (same product: Openclaw Openclaw)
CVE-2026-41347 (same product: Openclaw Openclaw)
CVE-2026-44116 (same product: Openclaw Openclaw)
CVE-2026-35652 (same product: Openclaw Openclaw)
CVE-2026-32004 (same product: Openclaw Openclaw)
CVE-2026-28453 (same product: Openclaw Openclaw)
CVE-2026-31989 (same product: Openclaw Openclaw)
CVE-2026-8305 (same product: Openclaw Openclaw)
CVE-2026-43573 (same product: Openclaw Openclaw)
CVE-2026-32924 (same product: Openclaw Openclaw)

Affected Assets

Vendor: openclaw
Product: openclaw
Versions: ≤ 2026.2.14

Mitigating Controls (NIST 800-53 r5, AI-generated mapping)

prevent · AC-3 Access Enforcement: Directly enforces approved authorizations on the OAuth callback, blocking the state-validation bypass that permits unauthorized credential substitution.

prevent · SI-10 Information Input Validation: Requires validation of all inputs, including the OAuth state parameter, which the vulnerable manual Chutes flow fails to perform.

prevent: Protects session authenticity by ensuring OAuth responses cannot be forged or replayed via attacker-supplied callback data.
