PT-2026-5584 · Openclaw · Openclaw
Credit: 0Xacb +2 · Published 2026-01-31 · Updated 2026-04-03 · CVE-2026-25253
CVSS v2.0: 10 (High) · Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.1.29

Description: OpenClaw, formerly known as Clawdbot and Moltbot, is vulnerable to a critical remote code execution (RCE) vulnerability (CVE-2026-25253). This flaw allows attackers to steal authentication tokens via a crafted URL, enabling unauthorized access to and control of the system. The vulnerability stems from improper validation of the gatewayUrl parameter, which allows attackers to establish a WebSocket connection and execute arbitrary commands. Reports indicate over 17,500 instances were exposed, and the vulnerability was actively exploited. The issue affects systems running OpenClaw and can lead to full system compromise, including credential theft and data breaches. Security researchers have developed tools to detect and mitigate this vulnerability.

Recommendations: Update OpenClaw to version 2026.1.29 or later immediately to address this critical vulnerability. Implement robust security measures, including restricting external access, deploying Web Application Firewalls (WAFs), and regularly rotating credentials. Consider using security scanners like Coyote Security Scanner to identify and address potential vulnerabilities. Prioritize secure coding practices and isolation techniques to prevent similar issues in the future.

Tags: Exploit · Fix · RCE · LPE · Exposure of Resource to Wrong Sphere

Weakness Enumeration

Related Identifiers:
  BDU:2026-01840
  CVE-2026-25253
  GHSA-G8P2-7WF7-98MQ
  GHSA-R2C6-8JC8-G32W

Affected Products:
  Openclaw