Vulnerabilities

CVE-2026-25253

by Fred · 01/02/2026

OpenClaw (aka clawdbot or Moltbot) before 2026.1.29 obtains a gatewayUrl value from a query string and automatically makes a WebSocket connection without prompting, sending a token value.

More information : https://depthfirst.com/post/1-click-rce-to-steal-your-moltbot-data-and-keys

Similar

Tags: Cybersecurity Alert