Description
OpenClaw (aka clawdbot or Moltbot) before 2026.1.29 obtains a gatewayUrl value from a query string and automatically makes a WebSocket connection without prompting, sending a token value.
Published: 2026-02-01
Score: 8.8 High
EPSS: 8.0% Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

OpenClaw, also known as clawdbot or Moltbot, before version 2026.1.29 automatically reads a gatewayUrl value from a query string and establishes a WebSocket connection to that URL while sending the authentication token as part of the connection. This behaviour allows a remote attacker to capture the token that is being transmitted. The flaw is a CWE‑669 error: improper validation of user input in a security‑critical operation, and the impact is primarily the illicit acquisition of credentials that could be used to access authenticated resources or potentially launch further attacks.

Affected Systems

The affected product is OpenClaw, shipped as OpenClaw (clawdbot or Moltbot). Only installations running a pre‑2026.1.29 release are vulnerable.

Risk and Exploitability

The vulnerability carries a CVSS score of 8.8, indicating a high‑severity risk, but the EPSS score is 8%, indicating a low exploitation probability in real‑world scenarios. The flaw is not included in the CISA KEV catalog. Based on the description, the likely attack vector is a crafted URL containing a gatewayUrl query string that points to a malicious WebSocket server; the victim’s client will automatically open the connection and transmit the token, allowing the attacker to capture it. Because the vulnerability relies on client‑side processing of a URL, it can be triggered through social‑engineering or phishing campaigns.

Generated by OpenCVE AI on June 24, 2026 at 12:49 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the OpenClaw installation to version 2026.1.29 or later, which removes the automatic WebSocket connection for unauthenticated gateway URLs.
  • If an upgrade is not immediately possible, add input validation to the gatewayUrl query parameter so that only URLs from a trusted list of domains can be processed.
  • Disable or block outbound WebSocket traffic (ws:// and wss:// schemes) from the OpenClaw service unless explicitly required, to prevent accidental connections to malicious servers.
  • Monitor outbound network activity from OpenClaw instances for unexpected WebSocket connections and investigate any anomalies.

Generated by OpenCVE AI on June 24, 2026 at 12:49 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-g8p2-7wf7-98mq OpenClaw/Clawdbot has 1-Click RCE via Authentication Token Exfiltration From gatewayUrl
History

Wed, 24 Jun 2026 11:00:00 +0000

Type Values Removed Values Added
Title Token Exfiltration through Automatic WebSocket Connection in OpenClaw

Wed, 24 Jun 2026 06:15:00 +0000

Type Values Removed Values Added
Title Token Exfiltration through Automatic WebSocket Connection in OpenClaw

Wed, 24 Jun 2026 00:00:00 +0000

Type Values Removed Values Added
Title Automatic WebSocket Connection Allows Token Theft in OpenClaw

Tue, 23 Jun 2026 21:00:00 +0000

Type Values Removed Values Added
Title Automatic WebSocket Connection Allows Token Theft in OpenClaw

Tue, 23 Jun 2026 18:30:00 +0000

Type Values Removed Values Added
Title Automatic WebSocket Connection Without Validation Leads to Remote Exploit

Thu, 18 Jun 2026 16:45:00 +0000

Type Values Removed Values Added
Title Automatic WebSocket Connection Without Validation Leads to Remote Exploit

Tue, 16 Jun 2026 12:30:00 +0000

Type Values Removed Values Added
Title Unvalidated WebSocket Connection Enables Remote Code Execution

Sat, 18 Apr 2026 01:15:00 +0000

Type Values Removed Values Added
Title Unvalidated WebSocket Connection Enables Remote Code Execution

Fri, 13 Feb 2026 17:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*

Tue, 03 Feb 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 03 Feb 2026 15:00:00 +0000

Type Values Removed Values Added
First Time appeared Openclaw
Openclaw openclaw
Vendors & Products Openclaw
Openclaw openclaw

Mon, 02 Feb 2026 23:15:00 +0000


Sun, 01 Feb 2026 22:45:00 +0000

Type Values Removed Values Added
Description OpenClaw (aka clawdbot or Moltbot) before 2026.1.29 obtains a gatewayUrl value from a query string and automatically makes a WebSocket connection without prompting, sending a token value.
Weaknesses CWE-669
References
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}


Subscriptions

Openclaw Openclaw
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-02-03T15:32:57.600Z

Reserved: 2026-02-01T22:34:17.326Z

Link: CVE-2026-25253

cve-icon Vulnrichment

Updated: 2026-02-03T14:37:14.992Z

cve-icon NVD

Status : Analyzed

Published: 2026-02-01T23:15:49.717

Modified: 2026-06-17T10:24:22.340

Link: CVE-2026-25253

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-24T13:00:06Z

Weaknesses
  • CWE-669

    Incorrect Resource Transfer Between Spheres