CVE-2026-25253 - Vulnerability Details

- Unvalidated WebSocket Connection Enables Remote Code Execution

Description

OpenClaw (aka clawdbot or Moltbot) before 2026.1.29 obtains a gatewayUrl value from a query string and automatically makes a WebSocket connection without prompting, sending a token value.

Published: 2026-02-01

Score: 8.8 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

OpenClaw (clawdbot or Moltbot) binaries older than version 2026.1.29 automatically read a gatewayUrl value from a query string and establish a WebSocket connection to that URL without user confirmation, sending an authentication token in the process. This behaviour allows a remote attacker to supply a malicious WebSocket endpoint, receive the token, and potentially exfiltrate data or execute code on the client. The flaw is a CWE‑669 error: improper validation of user input in a security‑critical operation.

Affected Systems

The affected product is OpenClaw, shipped as OpenClaw (clawdbot or Moltbot). Only installations running a pre‑2026.1.29 release are vulnerable.

Risk and Exploitability

The vulnerability carries a CVSS score of 8.8, indicating a high‑severity risk, but the EPSS score is well below 1%, suggesting that real‑world exploitation is currently uncommon. The flaw is not included in the CISA KEV catalog. Attackers can trigger it by crafting a URL that includes a gatewayUrl query string pointing to a WebSocket server under their control; the victim’s client will then open the connection automatically, allowing the attacker to capture the token and communicate with the client. Because the vulnerability relies on client‑side processing of a URL, it can be triggered through social‑engineering or phishing campaigns.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

OpenClaw

unaffected

Version	Status	Constraints
`0`	affected	< 2026.1.29

Configuration 1 [-]

cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*

No data.

Vendor	Product	Confidence	Versions
Openclaw	Openclaw	—	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade the OpenClaw installation to version 2026.1.29 or later, which removes the automatic WebSocket connection for unauthenticated gateway URLs.
If an upgrade is not immediately possible, add input validation to the gatewayUrl query parameter so that only URLs from a trusted list of domains can be processed.
Disable or block outbound WebSocket traffic (ws:// and wss:// schemes) from the OpenClaw service unless explicitly required, to prevent accidental connections to malicious servers.
Monitor outbound network activity from OpenClaw instances for unexpected WebSocket connections and investigate any anomalies.

Generated by OpenCVE AI on April 18, 2026 at 00:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
Github GHSA	GHSA-g8p2-7wf7-98mq	OpenClaw/Clawdbot has 1-Click RCE via Authentication Token Exfiltration From gatewayUrl

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00093.

Exploitation poc

Automatable no

Technical Impact total

References

Link	Providers
https://depthfirst.com/post/1-click-rce-to-steal-your-moltbot-data-and-keys
https://ethiack.com/news/blog/one-click-rce-moltbot
https://github.com/openclaw/openclaw/security/advisories/GHSA-g8p2-7wf7-98mq
https://openclaw.ai/blog
https://x.com/0xacb/status/2016913750557651228

History

Sat, 18 Apr 2026 01:15:00 +0000

Type	Values Removed	Values Added
Title		Unvalidated WebSocket Connection Enables Remote Code Execution

Fri, 13 Feb 2026 17:45:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:2.3:a:openclaw:openclaw::::::node.js::*

Tue, 03 Feb 2026 16:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Tue, 03 Feb 2026 15:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Openclaw Openclaw openclaw
Vendors & Products		Openclaw Openclaw openclaw

Mon, 02 Feb 2026 23:15:00 +0000

Type	Values Removed	Values Added
References		https://ethiack.com/news/blog/one-click-rce-moltbot https://x.com/0xacb/status/2016913750557651228

Sun, 01 Feb 2026 22:45:00 +0000

Type	Values Removed	Values Added
Description		OpenClaw (aka clawdbot or Moltbot) before 2026.1.29 obtains a gatewayUrl value from a query string and automatically makes a WebSocket connection without prompting, sending a token value.
Weaknesses		CWE-669
References		https://depthfirst.com/post/1-click-rce-to-steal-your-moltbot-data-and-keys https://github.com/openclaw/openclaw/security/advisories/GHSA-g8p2-7wf7-98mq https://openclaw.ai/blog
Metrics		cvssV3_1 `{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}`

Subscriptions

Openclaw Openclaw

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2026-02-01T22:34:17.590Z

Updated: 2026-02-03T15:32:57.600Z

Reserved: 2026-02-01T22:34:17.326Z

Link: CVE-2026-25253

Vulnrichment

Updated: 2026-02-03T14:37:14.992Z

NVD

Status : Analyzed

Published: 2026-02-01T23:15:49.717

Modified: 2026-02-13T17:41:02.987

Link: CVE-2026-25253

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T01:00:11Z

Weaknesses

CWE-669

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Exploitation poc

Automatable no

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object