CyberHappenings logo
Home Browse Watchlists Experimental About

Track cybersecurity events as they unfold. Sourced timelines. Filter, sort, and browse. Fast, privacy‑respecting. No invasive ads, no tracking.

OpenClaw Token Exfiltration Vulnerability Enables One-Click RCE

First reported
Last updated
1 unique sources, 1 articles

Summary

Hide ▲

A high-severity vulnerability (CVE-2026-25253, CVSS 8.8) in OpenClaw, an open-source AI assistant, allows remote code execution via a malicious link. The flaw enables token exfiltration and full gateway compromise. The issue was patched in version 2026.1.29 released on January 30, 2026. The vulnerability arises because the Control UI trusts the gatewayUrl parameter without validation, auto-connecting and sending the stored gateway token in the WebSocket connect payload. This allows an attacker to connect to the victim's local gateway, modify configurations, and execute privileged actions. OpenClaw integrates with various messaging platforms and has gained rapid popularity, with its GitHub repository crossing 149,000 stars. The vulnerability can be exploited to achieve one-click RCE by visiting a malicious web page, leveraging cross-site WebSocket hijacking due to the lack of origin header validation.

Timeline

  1. 02.02.2026 18:28 1 articles · 23h ago

    OpenClaw Token Exfiltration Vulnerability Enables One-Click RCE

    A high-severity vulnerability (CVE-2026-25253, CVSS 8.8) in OpenClaw, an open-source AI assistant, allows remote code execution via a malicious link. The flaw enables token exfiltration and full gateway compromise. The issue was patched in version 2026.1.29 released on January 30, 2026. The vulnerability arises because the Control UI trusts the gatewayUrl parameter without validation, auto-connecting and sending the stored gateway token in the WebSocket connect payload. This allows an attacker to connect to the victim's local gateway, modify configurations, and execute privileged actions. The vulnerability can be exploited to achieve one-click RCE by visiting a malicious web page, leveraging cross-site WebSocket hijacking due to the lack of origin header validation.

    Show sources
    Open in new tab

Information Snippets