PT-2026-5584 · Openclaw · Openclaw

Credits: 0Xacb +2
Published: 2026-01-31 · Updated: 2026-07-04 · CVE-2026-25253

CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
OpenClaw versions prior to 2026.1.29

Description
OpenClaw contains a critical authentication bypass and server-side request forgery (SSRF) flaw in its WebSocket gateway. The issue occurs because the software fails to validate the gatewayUrl parameter provided in a query string before initializing a WebSocket connection. This allows a remote attacker to trick the system into sending authentication bearer tokens to an attacker-controlled endpoint via a specially crafted URL.

Exploitation of this flaw can lead to the theft of bot bearer tokens, unauthorized access to internal network services, and the theft of cloud metadata and IAM credentials (e.g., from 169.254.169.254). In some scenarios, this can result in full remote code execution (RCE) and complete compromise of connected automation workflows, databases, and cloud infrastructure. It is reported that over 135,000 instances remained exposed on public IPs after the vulnerability became known.

Recommendations
Upgrade to OpenClaw version 2026.1.29 or later. Restrict external access to OpenClaw dashboard endpoints. Deploy WAF rules to block malicious gatewayUrl values. Enforce strict egress filtering on the network. Rotate all exposed credentials and bot tokens.

Tags: Exploit · Fix · LPE · RCE · Exposure of Resource to Wrong Sphere


Weakness Enumeration

Related Identifiers
BDU:2026-01840
CVE-2026-25253
GHSA-G8P2-7WF7-98MQ
GHSA-R2C6-8JC8-G32W

Affected Products
Openclaw