CVE Reports

Originally published at cvereports.com

CVE-2026-25157: Agentic Suicide: Pwning OpenClaw via CVE-2026-25157

Vulnerability ID: CVE-2026-25157
CVSS Score: 7.8
Published: 2026-02-04

In the race to build 'Agentic AI'—software that doesn't just chat but actually does things—security often takes a backseat to functionality. OpenClaw (also known as Clawdbot or MoltBot) is a prime example of this hubris. CVE-2026-25157 reveals a pair of embarrassing OS Command Injection vulnerabilities in the application's SSH handling logic. By failing to sanitize simple strings like project paths and SSH targets, OpenClaw allows attackers to execute arbitrary code on both remote servers and the local developer machine. It turns out giving an AI unchecked SSH access is akin to handing a toddler a loaded handgun.

TL;DR

OpenClaw versions < 2026.1.29 contain two critical Command Injection flaws. The first allows remote code execution (RCE) via a malicious 'Project Root Path' injected into a failed 'cd' command. The second allows local RCE via SSH argument injection (using '-oProxyCommand'). If you use this tool, your machine and your servers are compromised.


⚠️ Exploit Status: POC

Technical Details

  • CWE ID: CWE-78 (OS Command Injection)
  • CVSS v3.1: 7.8 (High)
  • Attack Vector: Local & Remote (Context Dependent)
  • EPSS Score: 0.00021 (Low Probability)
  • Exploit Status: PoC Available / High Functional Reliability
  • Platform: macOS (Client) / Linux (Remote)

Affected Systems

  • OpenClaw (macOS Application)
  • Clawdbot
  • MoltBot
  • Remote SSH Servers managed by OpenClaw
  • OpenClaw: < 2026.1.29 (Fixed in: 2026.1.29)

Exploit Details

  • GitHub: PoC for related MoltBot/OpenClaw vulnerability chain

Mitigation Strategies

  • Input Validation
  • Argument Sanitization
  • Use of execv() instead of system()
  • Principle of Least Privilege
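
The first three mitigations above, combined in one added example (this is not OpenClaw's code or its actual patch): the SSH target is validated against an allow-list, the project path is quoted for the remote shell, and the command is passed as an argv list instead of a shell string. The function names and the target pattern are assumptions made for this sketch.

```python
import re
import shlex
import subprocess

# Allow-list for [user@]host. The pattern is an assumption made for this
# example (it rejects IPv6 literals, for instance); adapt it to your hosts.
_TARGET_RE = re.compile(r"(?:[A-Za-z0-9_][A-Za-z0-9._-]*@)?[A-Za-z0-9][A-Za-z0-9.-]*")


def validate_target(target):
    """Return target if it is a plain [user@]host, otherwise raise ValueError."""
    if target.startswith("-"):
        raise ValueError("SSH target must not start with '-'")
    if not _TARGET_RE.fullmatch(target):
        raise ValueError("SSH target contains unexpected characters")
    return target


def build_ssh_argv(target, project_root, remote_cmd):
    """Build an argv list for ssh; no local shell ever parses these strings."""
    if not remote_cmd:
        raise ValueError("remote command must not be empty")
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in project_root):
        raise ValueError("project root contains control characters")
    # The remote login shell still parses the command string, so quote each
    # piece for it. 'cd --' keeps a path starting with '-' from being an option.
    remote = "cd -- {} && {}".format(
        shlex.quote(project_root),
        " ".join(shlex.quote(part) for part in remote_cmd),
    )
    # '--' ends ssh option parsing, so the target is never read as a flag.
    return ["ssh", "--", validate_target(target), remote]


def run_remote(target, project_root, remote_cmd):
    """Execute via an argv list (execv-style), never a shell string."""
    argv = build_ssh_argv(target, project_root, remote_cmd)
    return subprocess.run(argv, shell=False, capture_output=True, text=True)
```

`validate_target` can also be run over stored targets when carrying out remediation step 2.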

Remediation Steps:

  1. Upgrade OpenClaw to version 2026.1.29 or higher.
  2. Review SSH configurations for any targets starting with hyphens.
  3. Audit remote server logs for unexpected command execution patterns.
  4. Rotate SSH keys if exposure is suspected.

Read the full report for CVE-2026-25157 on our website for more details including interactive diagrams and full exploit analysis.