High severity · OSV Advisory · Published Feb 1, 2026 · Updated Feb 3, 2026

CVE-2026-25253

Description

OpenClaw (aka clawdbot or Moltbot) before 2026.1.29 obtains a gatewayUrl value from a query string and automatically makes a WebSocket connection without prompting, sending a token value.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package           Affected versions   Patched versions
clawdbot (npm)    < 2026.1.29         2026.1.29
