1. Home
  2. Vulnerabilities
  3. CVE-2026-25253
8.8
HIGH CVSS 3.1
CVE-2026-25253
OpenClaw WebSocket Token Disclosure Vulnerability
Overview
Description

OpenClaw (aka clawdbot or Moltbot) before 2026.1.29 obtains a gatewayUrl value from a query string and automatically makes a WebSocket connection without prompting, sending a token value.

Details
INFO

Published Date :

Feb. 1, 2026, 11:15 p.m.

Last Modified :

Feb. 13, 2026, 5:41 p.m.

Remotely Exploit :

Yes !

Source :

[email protected]
Impact
Affected Products

The following products are affected by CVE-2026-25253 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Openclaw openclaw
: Total Affected Vendor : 1 | Products : 1
Scoring
CVSS Scores
The Common Vulnerability Scoring System is a standardized framework for assessing the severity of vulnerabilities in software and systems. We collect and displays CVSS scores from various sources for each CVE.
Score Version Severity Vector Exploitability Score Impact Score Source
CVSS 3.1 HIGH 8254265b-2729-46b6-b9e3-3dfca2d5bfca
CVSS 3.1 HIGH [email protected]
Solution
Update OpenClaw to version 2026.1.29 or later to prevent unauthorized WebSocket connections.
  • Update OpenClaw to version 2026.1.29 or newer.
  • Review and secure gatewayUrl configurations.
  • Implement user consent for WebSocket connections.
Public PoC/Exploit Available at Github

CVE-2026-25253 has a 161 public PoC/Exploit available at Github. Go to the Public Exploits tab to see the list.

References
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2026-25253.

URL Resource
https://depthfirst.com/post/1-click-rce-to-steal-your-moltbot-data-and-keys Exploit Third Party Advisory
https://ethiack.com/news/blog/one-click-rce-moltbot Exploit Third Party Advisory
https://github.com/openclaw/openclaw/security/advisories/GHSA-g8p2-7wf7-98mq Vendor Advisory
https://openclaw.ai/blog Product
https://x.com/0xacb/status/2016913750557651228 Exploit
https://depthfirst.com/post/1-click-rce-to-steal-your-moltbot-data-and-keys Exploit Third Party Advisory
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2026-25253 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2026-25253 weaknesses.

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Profile Photo
carapace-labs/claw-scan

Security scanner for OpenClaw installations. Your current security? .gitignore and hope.

JavaScript

Updated: 21 hours, 39 minutes ago
0 stars 0 fork 0 watcher
Born at : March 14, 2026, 12:25 a.m. This repo has been linked 1 different CVEs too.
Profile Photo
luluming-git/mobile-openclaw

None

Shell Kotlin

Updated: 1 day, 5 hours ago
0 stars 0 fork 0 watcher
Born at : March 13, 2026, 4:25 a.m. This repo has been linked 1 different CVEs too.
Profile Photo
thomasangelop/openclaw-pi-security-setup

Automated 5-layer defense-in-depth security setup for running OpenClaw AI agent on Raspberry Pi 5

Shell

Updated: 2 days, 2 hours ago
0 stars 0 fork 0 watcher
Born at : March 12, 2026, 7:23 p.m. This repo has been linked 3 different CVEs too.
Profile Photo
getsnapwire/snapwire

Agentic Runtime Security (ARS) platform — Headless Governance Infrastructure for AI agents.

Dockerfile Python Shell CSS HTML

Updated: 2 days ago
0 stars 0 fork 0 watcher
Born at : March 12, 2026, 2:49 a.m. This repo has been linked 1 different CVEs too.
Profile Photo
pinuocaoBig/openclaw-security-scanner

None

Python

Updated: 3 days, 7 hours ago
0 stars 0 fork 0 watcher
Born at : March 11, 2026, 2:44 p.m. This repo has been linked 1 different CVEs too.
Profile Photo
yuanzhongqiao/longbot-system

企业级一站式OpenClaw管理平台,安全可靠

openclaw

Updated: 2 days, 16 hours ago
3 stars 0 fork 0 watcher
Born at : March 11, 2026, 5:39 a.m. This repo has been linked 1 different CVEs too.
Profile Photo
imsebao/OpenClaw_Security_Auditor

OpenClaw_Security_Auditor

JavaScript Shell TypeScript

Updated: 3 days, 9 hours ago
1 stars 0 fork 0 watcher
Born at : March 11, 2026, 5:38 a.m. This repo has been linked 5 different CVEs too.
Profile Photo
fds2003/awesome-openclaw

None

Shell Python Ruby JavaScript Nunjucks HTML

Updated: 1 day, 10 hours ago
0 stars 0 fork 0 watcher
Born at : March 11, 2026, 5:20 a.m. This repo has been linked 1 different CVEs too.
Profile Photo
GeneralJerel/awesome-openclaw-apps

None

Updated: 2 days, 4 hours ago
1 stars 0 fork 0 watcher
Born at : March 10, 2026, 11 p.m. This repo has been linked 1 different CVEs too.
Profile Photo
HenryZ838978/pocketclaw

🦀 Mobile-first AI agent framework. Your butler, in your pocket. OpenClaw alternative for 6.8B phone users.

ai-agent ai-butler android mobile-agent mobile-first openclaw-alternative rust wasm crabagent

Kotlin Rust HTML

Updated: 22 hours, 54 minutes ago
10 stars 0 fork 0 watcher
Born at : March 10, 2026, 3:50 p.m. This repo has been linked 1 different CVEs too.
Profile Photo
dkdkding/openclaw

一本书玩转OpenClaw:超级实战指南

Ruby HTML Shell Python

Updated: 4 days, 14 hours ago
1 stars 0 fork 0 watcher
Born at : March 10, 2026, 6:59 a.m. This repo has been linked 1 different CVEs too.
Profile Photo
EdisonYi/awesome-openclaw-tutorial

None

Shell Python Ruby HTML

Updated: 4 days, 16 hours ago
0 stars 0 fork 0 watcher
Born at : March 10, 2026, 5:50 a.m. This repo has been linked 1 different CVEs too.
Profile Photo
theo2612/openclaw-scanner

OpenClaw autonomous AI agent network scanner and detection toolkit for penetration testing

Python

Updated: 5 days, 3 hours ago
0 stars 0 fork 0 watcher
Born at : March 9, 2026, 6:50 p.m. This repo has been linked 1 different CVEs too.
Profile Photo
EQSTLab/CVE-2026-25253

None

Python HTML

Updated: 3 days, 22 hours ago
0 stars 0 fork 0 watcher
Born at : March 9, 2026, 8:43 a.m. This repo has been linked 1 different CVEs too.
Profile Photo
CicadaRelay/openclaw-hardener

Self-check and hardening tools for OpenClaw deployments before public exposure

Updated: 2 days, 19 hours ago
1 stars 0 fork 0 watcher
Born at : March 9, 2026, 6:39 a.m. This repo has been linked 3 different CVEs too.

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2026-25253 vulnerability anywhere in the article.

  • Hackread - Cybersecurity News, Data Breaches, AI and More
ClawJacked Vulnerability in OpenClaw Could Let Websites Hijack AI Agents

It has been a whirlwind few months for Peter Steinberger and his creation, OpenClaw. The AI tool, which acts as a personal assistant for developers, exploded in popularity, racking up 100,000 GitHub s ... Read more

Published Date: Feb 27, 2026 (2 weeks, 1 day ago)
  • CybersecurityNews
Multiple Hacking Groups Exploit OpenClaw Instances to Steal API key and Deploy Malware

Hacking Groups Exploit OpenClaw Instances A widespread exploitation of OpenClaw, formerly known as MoltBot and ClawdBot, by multiple hacking groups to deploy malicious payloads. OpenClaw, an open-sour ... Read more

Published Date: Feb 22, 2026 (2 weeks, 6 days ago)
  • CybersecurityNews
OpenClaw AI Framework v2026.2.17 Released with Anthropic Model Support and Security Fixes

OpenClaw AI Framework v2026.2.17 Released OpenClaw has released version 2026.2.17 with significant enhancements, including support for Anthropic’s Claude Sonnet 4.6 model. Expanded context windows, th ... Read more

Published Date: Feb 18, 2026 (3 weeks, 3 days ago)
  • Kaspersky
Key OpenClaw risks, Clawdbot, Moltbot | Kaspersky official blog

Everyone has likely heard of OpenClaw, previously known as “Clawdbot” or “Moltbot”, the open-source AI assistant that can be deployed on a machine locally. It plugs into popular chat platforms like Wh ... Read more

Published Date: Feb 16, 2026 (3 weeks, 5 days ago)
  • reddit.com
Architectural Isolation Tradeoffs in the OpenClaw Ecosystem After CVE-2026-25253

Let us know your cookie preferences Reddit uses cookies and similar technologies to: Keep the website operational and running properly Prevent fraud and abuse Monitor site usage and performance metric ... Read more

Published Date: Feb 16, 2026 (3 weeks, 5 days ago)
  • CybersecurityNews
15,200 OpenClaw Control Panels with Full System Access Exposed to the Internet

OpenClaw Control Panels Exposed A critical security failure in the rapidly adopting “agentic AI” ecosystem has left tens of thousands of personal and corporate AI assistants fully exposed to the publi ... Read more

Published Date: Feb 10, 2026 (1 month ago)
  • The Register
More than 135,000 OpenClaw instances exposed to internet in latest vibe-coded disaster

It's a day with a name ending in Y, so you know what that means: Another OpenClaw cybersecurity disaster. This time around, SecurityScorecard's STRIKE threat intelligence team is sounding the alarm ov ... Read more

Published Date: Feb 09, 2026 (1 month ago)
  • SentinelOne
The Good, the Bad and the Ugly in Cybersecurity – Week 6

The Good | Former Google Engineer Steals AI Supercomputing Secrets for China Former Google software engineer Linwei Ding has been found guilty of economic espionage and trade secret theft after steali ... Read more

Published Date: Feb 06, 2026 (1 month, 1 week ago)
  • SentinelOne
The Good, the Bad and the Ugly in Cybersecurity – Week 6

The Good | Former Google Engineer Steals AI Supercomputing Secrets for China Former Google software engineer Linwei Ding has been found guilty of economic espionage and trade secret theft after steali ... Read more

Published Date: Feb 06, 2026 (1 month, 1 week ago)
  • The Hacker News
OpenClaw Bug Enables One-Click Remote Code Execution via Malicious Link

A high-severity security flaw has been disclosed in OpenClaw (formerly referred to as Clawdbot and Moltbot) that could allow remote code execution (RCE) through a crafted malicious link. The issue, wh ... Read more

Published Date: Feb 02, 2026 (1 month, 1 week ago)

Results are limited to the first 20 news articles due to potential performance issues.

The following table lists the changes that have been made to the CVE-2026-25253 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • Initial Analysis by [email protected]

    Feb. 13, 2026

    Action Type Old Value New Value
    Added CPE Configuration OR *cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:* versions up to (excluding) 2026.1.29
    Added Reference Type MITRE: https://depthfirst.com/post/1-click-rce-to-steal-your-moltbot-data-and-keys Types: Exploit, Third Party Advisory
    Added Reference Type MITRE: https://ethiack.com/news/blog/one-click-rce-moltbot Types: Exploit, Third Party Advisory
    Added Reference Type MITRE: https://github.com/openclaw/openclaw/security/advisories/GHSA-g8p2-7wf7-98mq Types: Vendor Advisory
    Added Reference Type MITRE: https://openclaw.ai/blog Types: Product
    Added Reference Type MITRE: https://x.com/0xacb/status/2016913750557651228 Types: Exploit
    Added Reference Type CISA-ADP: https://depthfirst.com/post/1-click-rce-to-steal-your-moltbot-data-and-keys Types: Exploit, Third Party Advisory
  • CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0

    Feb. 03, 2026

    Action Type Old Value New Value
    Added Reference https://depthfirst.com/post/1-click-rce-to-steal-your-moltbot-data-and-keys
  • CVE Modified by [email protected]

    Feb. 02, 2026

    Action Type Old Value New Value
    Added Reference https://ethiack.com/news/blog/one-click-rce-moltbot
    Added Reference https://x.com/0xacb/status/2016913750557651228
  • New CVE Received by [email protected]

    Feb. 01, 2026

    Action Type Old Value New Value
    Added Description OpenClaw (aka clawdbot or Moltbot) before 2026.1.29 obtains a gatewayUrl value from a query string and automatically makes a WebSocket connection without prompting, sending a token value.
    Added CVSS V3.1 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
    Added CWE CWE-669
    Added Reference https://depthfirst.com/post/1-click-rce-to-steal-your-moltbot-data-and-keys
    Added Reference https://github.com/openclaw/openclaw/security/advisories/GHSA-g8p2-7wf7-98mq
    Added Reference https://openclaw.ai/blog
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
CVSS
Vulnerability Scoring Details
Base CVSS Score: 8.8
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact