OpenClaw, Open Door: The 1-Click RCE That Stole Your AI's Brain
Vulnerability ID: CVE-2026-25253
CVSS Score: 8.8
Published: 2026-02-01
A critical logic flaw in OpenClaw (formerly Moltbot) allows attackers to perform a one-click Remote Code Execution (RCE) attack. By manipulating a simple URL parameter, an attacker can force the OpenClaw frontend to initiate a WebSocket connection to a malicious server and—in a stroke of helpful stupidity—immediately hand over the user's authentication token. This allows the attacker to impersonate the user, hijacking the AI agent to execute arbitrary commands on the host machine.
TL;DR
OpenClaw trusted the 'gatewayUrl' query parameter without validation. Attackers can craft a link that, when clicked by a logged-in user, forces their browser to send their authentication token to a malicious WebSocket server. This token grants full control over the AI agent, leading to immediate RCE.
⚠️ Exploit Status: PoC
Technical Details
- CWE ID: CWE-669 (Incorrect Resource Transfer Between Spheres)
- Attack Vector: Network (Web)
- CVSS Score: 8.8 (High)
- Impact: Remote Code Execution (RCE)
- Prerequisites: User Interaction (1-Click)
- Exploit Status: PoC Available
Affected Systems
- OpenClaw Agent
- Moltbot (Legacy Name)
- ClawdBot (Legacy Name)
- OpenClaw: < 2026.1.29 (Fixed in: 2026.1.29)
Exploit Details
- Ethiack Research: Original research detailing the WebSocket token leak.
- DepthFirst: Technical teardown and PoC steps.
Mitigation Strategies
- Input Validation on Client-Side
- Origin Checking (Same-Origin Policy enforcement)
- User Consent Prompts for Critical Actions
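The three strategies above map onto a small amount of frontend logic. The following is an added example, written for this page rather than taken from OpenClaw or either research write-up, showing the unsafe pattern the advisory describes (use whatever arrives in the query string) beside a hardened version that parses the parameter, requires a `wss:` scheme, checks the origin against an allowlist, and asks the user before a session token is handed to any non-default gateway. The names `DEFAULT_GATEWAY`, `ALLOWED_GATEWAY_ORIGINS`, `resolveGatewayUrl`, `planConnection` and the hostnames are assumptions made for the example, not identifiers from the project.

```javascript
// Added example (not OpenClaw's own code): turning a user-controlled
// `gatewayUrl` query parameter into a WebSocket target safely.
// All names and hostnames below are constructed for illustration.

const DEFAULT_GATEWAY = "wss://gateway.example.test/ws"; // constructed default

// Origins the frontend is allowed to hand a session token to (constructed).
const ALLOWED_GATEWAY_ORIGINS = new Set(["wss://gateway.example.test"]);

// Vulnerable pattern: whatever is in ?gatewayUrl= becomes the connection target,
// so a crafted link can redirect the token to an arbitrary server.
function resolveGatewayUrlUnsafe(search) {
  const params = new URLSearchParams(search);
  return params.get("gatewayUrl") || DEFAULT_GATEWAY;
}

// Hardened version: parse the value, insist on wss:, reject embedded
// credentials, and accept only an allowlisted origin. Anything else falls
// back to the default gateway and reports why.
function resolveGatewayUrl(search, allowed = ALLOWED_GATEWAY_ORIGINS) {
  const params = new URLSearchParams(search);
  const raw = params.get("gatewayUrl");
  if (raw === null) return { url: DEFAULT_GATEWAY, reason: "default" };

  let parsed;
  try {
    parsed = new URL(raw);
  } catch {
    return { url: DEFAULT_GATEWAY, reason: "unparseable" };
  }
  if (parsed.protocol !== "wss:") {
    return { url: DEFAULT_GATEWAY, reason: "insecure-scheme" };
  }
  if (parsed.username || parsed.password) {
    return { url: DEFAULT_GATEWAY, reason: "credentials-in-url" };
  }
  // Build the origin explicitly (scheme + host[:port]) rather than relying on
  // URL.origin, so non-default ports are compared as part of the allowlist.
  const origin = `${parsed.protocol}//${parsed.host}`;
  if (!allowed.has(origin)) {
    return { url: DEFAULT_GATEWAY, reason: "origin-not-allowlisted" };
  }
  return { url: parsed.toString(), reason: "allowlisted" };
}

// Consent step: a gateway override, even an allowlisted one, is a critical
// action. `confirm(url)` stands in for the UI prompt and returns true only if
// the user explicitly accepts. A declined override sends the token nowhere.
function planConnection(search, sessionToken, confirm) {
  const { url, reason } = resolveGatewayUrl(search);
  if (reason !== "allowlisted") {
    // No override, or an override that failed validation: default gateway only.
    return { url: DEFAULT_GATEWAY, token: sessionToken, reason };
  }
  if (!confirm(url)) {
    return { url: null, token: null, reason: "user-declined" };
  }
  return { url, token: sessionToken, reason: "user-confirmed" };
}

// Demo when run directly with Node.
if (typeof require !== "undefined" && require.main === module) {
  const link = "?gatewayUrl=wss://relay.unknown-host.test/ws";
  console.log("unsafe:", resolveGatewayUrlUnsafe(link));
  console.log("hardened:", resolveGatewayUrl(link));
  console.log("with consent:", planConnection(link, "session-token", () => true));
}
```

The important design point is that the fallback on every rejection is the trusted default, never the attacker-supplied value, and that the token is only attached once both the allowlist check and the user's confirmation have passed.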
Remediation Steps:
- Upgrade OpenClaw immediately to version 2026.1.29 or higher.
- Invalidate all existing user tokens (force logout) to ensure previously stolen tokens are useless.
- Where logs are available, check server logs for connections to unknown WebSocket gateways.
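For the last remediation step, here is an added example of the detection logic, not code from OpenClaw or from either referenced write-up. It scans a handful of constructed log lines (the `key=value` format, the `ws_connect` event name and every hostname are assumptions) and flags any gateway connection whose origin is not on the known-good list, uses a non-TLS `ws:` scheme, or cannot be parsed at all. The last two cases are the edge cases a real log usually contains and that a naive string match would miss.

```javascript
// Added example (not from the advisory): hunting for WebSocket gateway
// connections to origins that are not known-good. Log format, field names and
// hostnames are constructed for this example.

const KNOWN_GATEWAY_ORIGINS = new Set(["wss://gateway.example.test"]);

// Constructed sample log: timestamp followed by key=value fields.
const SAMPLE_LOG = [
  "2026-02-01T09:12:03Z level=info event=ws_connect user=alice gateway=wss://gateway.example.test/ws",
  "2026-02-01T09:15:41Z level=info event=ws_connect user=bob gateway=wss://gateway.example.test/ws?session=2",
  "2026-02-01T09:16:10Z level=info event=ws_connect user=bob gateway=wss://relay.unknown-host.test/ws",
  "2026-02-01T09:16:12Z level=warn event=ws_connect user=carol gateway=ws://gateway.example.test/ws",
  "2026-02-01T09:17:00Z level=info event=chat_message user=alice len=42",
  "2026-02-01T09:18:22Z level=info event=ws_connect user=dave gateway=%%not-a-url%%",
];

// Split one line into { _ts, key: value, ... }; splits each field at the first
// "=" so values containing "=" (query strings) survive intact.
function parseFields(line) {
  const [ts, ...rest] = line.trim().split(/\s+/);
  const fields = { _ts: ts };
  for (const token of rest) {
    const eq = token.indexOf("=");
    if (eq === -1) continue;
    fields[token.slice(0, eq)] = token.slice(eq + 1);
  }
  return fields;
}

// Reduce a gateway URL to scheme + host[:port], or null if it does not parse.
function gatewayOrigin(raw) {
  try {
    const u = new URL(raw);
    return `${u.protocol}//${u.host}`;
  } catch {
    return null;
  }
}

// Return one finding per connection whose gateway is not known-good.
function findSuspiciousGateways(lines, known = KNOWN_GATEWAY_ORIGINS) {
  const findings = [];
  for (const line of lines) {
    const f = parseFields(line);
    if (f.event !== "ws_connect" || !f.gateway) continue;
    const origin = gatewayOrigin(f.gateway);
    let reason = null;
    if (origin === null) reason = "unparseable-gateway";
    else if (!origin.startsWith("wss://")) reason = "non-tls-gateway";
    else if (!known.has(origin)) reason = "unknown-gateway";
    if (reason) {
      findings.push({ timestamp: f._ts, user: f.user, origin: origin ?? f.gateway, reason });
    }
  }
  return findings;
}

if (typeof require !== "undefined" && require.main === module) {
  for (const hit of findSuspiciousGateways(SAMPLE_LOG)) {
    console.log(`${hit.timestamp} user=${hit.user} origin=${hit.origin} reason=${hit.reason}`);
  }
}
```

A hit on `unknown-gateway` for a user is the signal that their token may have been sent elsewhere and that the forced logout in the previous step should be applied to that account at minimum.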
References
Read the full report for CVE-2026-25253 on our website for more details including interactive diagrams and full exploit analysis.