Skip to main content

Breaking cybersecurity news

Vulnerability database

EU vulnerability data

Hands-on web security training

Security incidents database

Knowledge library

Analytics & trends

Follow us

Professional cybersecurity intelligence

Breaking cybersecurity news

Vulnerability database

EU vulnerability data

Hands-on web security training

Security incidents database

Knowledge library

Analytics & trends

Follow us

About Sources Sponsored Articles Status Legal Terms

v2.3.3•© 2026

Telegram Bluesky GitHub Contact

Return to CVE list

CVE-2026-25253

CVE-2026-25253

8.8

High

Published:1 Feb 2026

Last updated:17 Jun 2026

Source:cve@mitre.org

Analyzed

Weakness (CWE)

CWE-669CWE-669

CVSS Vector

v3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

View on MITRE Find PoC on GitHub

Description

OpenClaw (aka clawdbot or Moltbot) before 2026.1.29 obtains a gatewayUrl value from a query string and automatically makes a WebSocket connection without prompting, sending a token value.

References

cve@mitre.org

https://depthfirst.com/post/1-click-rce-to-steal-your-moltbot-data-and-keys

cve@mitre.org

https://ethiack.com/news/blog/one-click-rce-moltbot

cve@mitre.org

https://github.com/openclaw/openclaw/security/advisories/GHSA-g8p2-7wf7-98mq

cve@mitre.org

https://openclaw.ai/blog

cve@mitre.org

https://x.com/0xacb/status/2016913750557651228

134c704f-9b21-4f2e-91b3-4a467353bcc0

https://depthfirst.com/post/1-click-rce-to-steal-your-moltbot-data-and-keys