Critical Security Flaw in OpenClaw Enables One-Click Remote Code Execution

A critical security vulnerability (CVE-2026-25253, CVSS score 8.8) has been identified in OpenClaw (formerly Clawdbot and Moltbot), allowing remote code execution (RCE) via a one-click malicious link. The flaw, described as a token exfiltration vulnerability, has been patched in version 2026.1.29 released on January 30, 2026. No additional details about the impact or exploitation vectors are provided.