High severity · OSV Advisory · Published Feb 1, 2026 · Updated Feb 3, 2026
CVE-2026-25253
Description
OpenClaw (also known as clawdbot or Moltbot) before 2026.1.29 reads a gatewayUrl value from the query string and automatically opens a WebSocket connection to it without prompting the user, sending a token value over that connection.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Ecosystem | Affected versions | Patched versions |
|---|---|---|---|
| clawdbot | npm | < 2026.1.29 | 2026.1.29 |
Patches (2)
References (7)
- https://github.com/advisories/GHSA-g8p2-7wf7-98mq (source: GHSA; advisory)
- https://nvd.nist.gov/vuln/detail/CVE-2026-25253 (source: GHSA; advisory)
- https://depthfirst.com/post/1-click-rce-to-steal-your-moltbot-data-and-keys (source: GHSA; web)
- https://github.com/openclaw/openclaw/security/advisories/GHSA-g8p2-7wf7-98mq (source: GHSA; web)
- https://openclaw.ai/blog (source: GHSA; web)
- https://ethiack.com/news/blog/one-click-rce-moltbot (source: MITRE)
- https://x.com/0xacb/status/2016913750557651228 (source: MITRE)
News mentions (5)
- Agentic AI Red Teaming Reveals Zero-Click Human-in-the-Loop Bypass Attack Chains (Cyber Security News, Jun 5, 2026)
- Updating the taxonomy of failure modes in agentic AI systems: What a year of red teaming taught us (Microsoft Security Blog, Jun 4, 2026)
- 'Claw Chain' Vulnerabilities Threaten OpenClaw Deployments (Dark Reading, May 18, 2026)
- Exploits and vulnerabilities in Q1 2026 (Securelist, May 7, 2026)
- Hack the AI agent: Build agentic AI security skills with the GitHub Secure Code Game (GitHub Security Lab, Apr 14, 2026)