Impact
OpenClaw, also known as clawdbot or Moltbot, before version 2026.1.29 automatically reads a gatewayUrl value from a query string and establishes a WebSocket connection to that URL while sending the authentication token as part of the connection. This behaviour allows a remote attacker to capture the token that is being transmitted. The flaw is a CWE‑669 error: improper validation of user input in a security‑critical operation, and the impact is primarily the illicit acquisition of credentials that could be used to access authenticated resources or potentially launch further attacks.
Affected Systems
The affected product is OpenClaw, shipped as OpenClaw (clawdbot or Moltbot). Only installations running a pre‑2026.1.29 release are vulnerable.
Risk and Exploitability
The vulnerability carries a CVSS score of 8.8, indicating a high‑severity risk, but the EPSS score is 8%, indicating a low exploitation probability in real‑world scenarios. The flaw is not included in the CISA KEV catalog. Based on the description, the likely attack vector is a crafted URL containing a gatewayUrl query string that points to a malicious WebSocket server; the victim’s client will automatically open the connection and transmit the token, allowing the attacker to capture it. Because the vulnerability relies on client‑side processing of a URL, it can be triggered through social‑engineering or phishing campaigns.
OpenCVE Enrichment
Github GHSA