PT-2026-5584 · Openclaw · Openclaw
0Xacb +2
Published: 2026-01-31 · Updated: 2026-07-04
CVE-2026-25253
CVSS v2.0: 10 (High)
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
OpenClaw versions prior to 2026.1.29
Description
OpenClaw contains a critical authentication bypass and server-side request forgery (SSRF) flaw in its WebSocket gateway. The issue occurs because the software fails to validate the gatewayUrl parameter provided in a query string before initializing a WebSocket connection. This allows a remote attacker to trick the system into sending authentication bearer tokens to an attacker-controlled endpoint via a specially crafted URL.

Exploitation of this flaw can lead to the theft of bot bearer tokens, unauthorized access to internal network services, and the theft of cloud metadata and IAM credentials (e.g., from 169.254.169.254). In some scenarios, this can result in full remote code execution (RCE) and complete compromise of connected automation workflows, databases, and cloud infrastructure. It is reported that over 135,000 instances remained exposed on public IPs after the vulnerability became known.
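The root cause described above is a user-supplied gatewayUrl that is used to open a WebSocket, and to attach a bearer token, without being checked first. The following is an added illustration of the kind of pre-connect validation a defender would expect at that point; it is not OpenClaw's code and does not reproduce its internals. It assumes a deployment knows its own legitimate gateway origin (the `wss://gateway.example.internal` value below is a constructed placeholder), requires the wss scheme, rejects credentials embedded in the URL, and refuses loopback, link-local (including the 169.254.169.254 metadata address named in the advisory), and private-range hosts before consulting the allowlist.

```javascript
// Added example (not OpenClaw's code): allowlist validation of a gatewayUrl
// query parameter before it is used to open a WebSocket and send a token.
// ALLOWED_GATEWAY_ORIGINS and the hostnames below are constructed assumptions.

const ALLOWED_GATEWAY_ORIGINS = new Set([
  "wss://gateway.example.internal", // constructed placeholder for the real gateway origin
]);

// Hosts that must never be reachable through a user-supplied URL:
// loopback, the link-local cloud metadata address, and RFC 1918 ranges.
function isBlockedHost(hostname) {
  // Node's URL keeps IPv6 literals bracketed ("[::1]"); strip the brackets.
  const h = hostname.replace(/^\[|\]$/g, "").toLowerCase();
  if (h === "localhost" || h === "169.254.169.254" || h === "metadata.google.internal") {
    return true;
  }
  // WHATWG URL parsing already normalizes odd IPv4 spellings (hex, octal,
  // shortened) to dotted-quad, so a plain regex is sufficient here.
  const m = h.match(/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/);
  if (m) {
    const a = Number(m[1]);
    const b = Number(m[2]);
    if (a === 0 || a === 10 || a === 127) return true;          // this-net, RFC1918, loopback
    if (a === 169 && b === 254) return true;                     // link-local / metadata
    if (a === 172 && b >= 16 && b <= 31) return true;            // RFC1918
    if (a === 192 && b === 168) return true;                     // RFC1918
  }
  if (h === "::1" || h.startsWith("fe80:") || h.startsWith("fc") || h.startsWith("fd")) {
    return true;                                                 // IPv6 loopback, link-local, ULA
  }
  return false;
}

// Returns { ok: true, url } on success or { ok: false, reason } on rejection.
// The reason string is meant to be logged, so rejected values can be reviewed.
function validateGatewayUrl(raw) {
  let url;
  try {
    url = new URL(String(raw));
  } catch {
    return { ok: false, reason: "unparseable" };
  }
  if (url.protocol !== "wss:") return { ok: false, reason: "scheme" };
  if (url.username || url.password) return { ok: false, reason: "credentials-in-url" };
  if (isBlockedHost(url.hostname)) return { ok: false, reason: "blocked-host" };
  if (!ALLOWED_GATEWAY_ORIGINS.has(url.origin)) return { ok: false, reason: "origin-not-allowlisted" };
  return { ok: true, url: url.href };
}

// The token is only attached once the destination has passed validation;
// a rejected URL never gets a connection attempt at all.
function buildGatewayConnect(raw, token) {
  const v = validateGatewayUrl(raw);
  if (!v.ok) return { connect: false, reason: v.reason };
  return { connect: true, url: v.url, headers: { Authorization: `Bearer ${token}` } };
}
```

Because validateGatewayUrl returns a machine-readable reason, the same function can be run over request logs that record gatewayUrl values to find past attempts that pointed at external, metadata, or private hosts, which is a cheap complement to the WAF and egress-filtering recommendations below.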
Recommendations
Upgrade to OpenClaw version 2026.1.29 or later.
Restrict external access to OpenClaw dashboard endpoints.
Deploy WAF rules to block malicious gatewayUrl values.
Enforce strict egress filtering on the network.
Rotate all exposed credentials and bot tokens.
Exploit · Fix · LPE · RCE · Exposure of Resource to Wrong Sphere
Related Identifiers
Affected Products
Openclaw