WebSocket Vulnerability in OpenClaw by OpenClaw AI
CVE-2026-25253

8.8 HIGH

Key Information:

Vendor: Openclaw
Status: Vendor
CVE Published: 1 February 2026

Badges

📈 Score: 1,790 · 👾 Exploit Exists · 🟑 Public PoC

What is CVE-2026-25253?

CVE-2026-25253 is a serious security vulnerability in OpenClaw (also known as Clawdbot or Moltbot), affecting versions prior to 2026.1.29. OpenClaw is a software framework used by applications that rely on WebSocket connections for real-time data communication. The flaw lies in how OpenClaw handles a gatewayUrl value read from the query string: the client automatically establishes a WebSocket connection to that URL without user authorization and sends a sensitive token value in the process. Because the destination comes from the query string, this behavior can be exploited maliciously, potentially allowing attackers to hijack sessions or perform unauthorized actions within the context of the application.
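The defensive pattern that closes this class of bug is to treat a gateway URL from the query string as untrusted input: parse it, require a secure WebSocket scheme, reject embedded credentials, and only connect if its origin is on an allowlist, falling back to the built-in gateway otherwise. The following is an added example written for this page, not OpenClaw's own code; the names (DEFAULT_GATEWAY, ALLOWED_GATEWAY_ORIGINS, selectGatewayUrl, connectGateway), the hosts and the auth message shape are all hypothetical.

```javascript
// Added example (not OpenClaw's code): vet a gatewayUrl taken from the query
// string before any WebSocket connection, and thus any token, goes to it.
// All hosts below are constructed sample values.

const DEFAULT_GATEWAY = 'wss://gateway.example.invalid/ws';
const ALLOWED_GATEWAY_ORIGINS = new Set(['wss://gateway.example.invalid']);

// Returns true only for an absolute wss:// URL without embedded credentials
// whose origin (scheme + host + port) is explicitly allowlisted.
function isAllowedGatewayUrl(candidate, allowedOrigins = ALLOWED_GATEWAY_ORIGINS) {
  let url;
  try {
    url = new URL(candidate);            // WHATWG URL parser; throws on non-absolute input
  } catch {
    return false;
  }
  if (url.protocol !== 'wss:') return false;          // no ws:, http:, javascript:, ...
  if (url.username || url.password) return false;     // no "wss://trusted@evil/" tricks
  return allowedOrigins.has(url.origin);              // exact origin match, not a substring check
}

// Decide where to connect. The query-string value is used only when it passes
// the allowlist; otherwise the built-in default wins, so a crafted link cannot
// redirect the client (and the token it sends) to an arbitrary endpoint.
function selectGatewayUrl(search, allowedOrigins = ALLOWED_GATEWAY_ORIGINS, fallback = DEFAULT_GATEWAY) {
  const requested = new URLSearchParams(search).get('gatewayUrl');
  if (requested !== null && isAllowedGatewayUrl(requested, allowedOrigins)) {
    return { url: requested, source: 'query' };
  }
  return { url: fallback, source: 'default' };
}

// Open the socket only after the URL has been vetted. The opener is injectable
// so the logic can be exercised without a live server; in a browser or Node 22+
// the default uses the global WebSocket.
function connectGateway(search, token, openSocket = (u) => new WebSocket(u)) {
  const { url, source } = selectGatewayUrl(search);
  const socket = openSocket(url);
  socket.addEventListener('open', () => {
    // Hypothetical auth message; the token is only ever sent to an allowlisted origin.
    socket.send(JSON.stringify({ type: 'auth', token }));
  });
  return { socket, url, source };
}
```

The allowlist check compares the parsed origin exactly, so look-alike hosts such as gateway.example.invalid.evil.example and credential-prefixed URLs such as wss://gateway.example.invalid@evil.example/ws both fall through to the default gateway.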

Potential impact of CVE-2026-25253

  1. Unauthorized Access: The automatic WebSocket connection can allow attackers to gain unauthorized access to sensitive information and functionalities of the affected application, compromising user data integrity and confidentiality.

  2. Data Theft: Attackers can exploit this vulnerability to steal sensitive tokens or credentials transmitted between the client and server, leading to further breaches and unauthorized data exfiltration.

  3. Increased Risk of Malicious Exploits: The existence of this vulnerability can serve as a launching pad for more sophisticated attacks, including remote code execution, potentially enabling attackers to gain full control over affected systems and deploy additional malware.


Affected Version(s)

OpenClaw (all versions prior to 2026.1.29)

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.

References

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability reserved

  • 🟑 Public PoC available

  • 👾 Exploit known to exist