{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2026-25253", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "state": "PUBLISHED", "assignerShortName": "mitre", "dateReserved": "2026-02-01T22:34:17.326Z", "datePublished": "2026-02-01T22:34:17.590Z", "dateUpdated": "2026-02-03T15:32:57.600Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "packageURL": "pkg:npm/clawdbot", "product": "OpenClaw", "vendor": "OpenClaw", "versions": [{"lessThan": "2026.1.29", "status": "affected", "version": "0", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "OpenClaw (aka clawdbot or Moltbot) before 2026.1.29 obtains a gatewayUrl value from a query string and automatically makes a WebSocket connection without prompting, sending a token value."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-669", "description": "CWE-669 Incorrect Resource Transfer Between Spheres", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-02-02T19:16:55.732Z"}, "references": [{"url": "https://depthfirst.com/post/1-click-rce-to-steal-your-moltbot-data-and-keys"}, {"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-g8p2-7wf7-98mq"}, {"url": "https://openclaw.ai/blog"}, {"url": "https://ethiack.com/news/blog/one-click-rce-moltbot"}, {"url": "https://x.com/0xacb/status/2016913750557651228"}], "x_generator": {"engine": "CVE-Request-form 0.0.1"}}, "adp": [{"references": [{"url": "https://depthfirst.com/post/1-click-rce-to-steal-your-moltbot-data-and-keys", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-03T14:36:53.948712Z", "id": "CVE-2026-25253", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-03T15:32:57.600Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "OpenClaw", "product": "OpenClaw", "versions": [{"status": "affected", "version": "0", "lessThan": "2026.1.29", "versionType": "custom"}], "packageURL": "pkg:npm/clawdbot", "defaultStatus": "unaffected"}], "references": [{"url": "https://depthfirst.com/post/1-click-rce-to-steal-your-moltbot-data-and-keys"}, {"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-g8p2-7wf7-98mq"}, {"url": "https://openclaw.ai/blog"}, {"url": "https://ethiack.com/news/blog/one-click-rce-moltbot"}, {"url": "https://x.com/0xacb/status/2016913750557651228"}], "x_generator": {"engine": "CVE-Request-form 0.0.1"}, "descriptions": [{"lang": "en", "value": "OpenClaw (aka clawdbot or Moltbot) before 2026.1.29 obtains a gatewayUrl value from a query string and automatically makes a WebSocket connection without prompting, sending a token value."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-669", "description": "CWE-669 Incorrect Resource Transfer Between Spheres"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-02-02T19:16:55.732Z"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-25253", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-02-03T14:36:53.948712Z"}}}], "references": [{"url": "https://depthfirst.com/post/1-click-rce-to-steal-your-moltbot-data-and-keys", "tags": ["exploit"]}], "providerMetadata": {"shortName": "CISA-ADP", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "dateUpdated": "2026-02-03T14:37:14.992Z"}}]}, "cveMetadata": {"cveId": "CVE-2026-25253", "state": "PUBLISHED", "dateUpdated": "2026-02-02T19:16:55.732Z", "dateReserved": "2026-02-01T22:34:17.326Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-02-01T22:34:17.590Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "4801AF60-B3F7-4C05-A4A1-F8443F445ACD", "versionEndExcluding": "2026.1.29", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "OpenClaw (aka clawdbot or Moltbot) before 2026.1.29 obtains a gatewayUrl value from a query string and automatically makes a WebSocket connection without prompting, sending a token value."}], "id": "CVE-2026-25253", "lastModified": "2026-02-13T17:41:02.987", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "cve@mitre.org", "type": "Secondary"}]}, "published": "2026-02-01T23:15:49.717", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://depthfirst.com/post/1-click-rce-to-steal-your-moltbot-data-and-keys"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://ethiack.com/news/blog/one-click-rce-moltbot"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-g8p2-7wf7-98mq"}, {"source": "cve@mitre.org", "tags": ["Product"], "url": "https://openclaw.ai/blog"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "https://x.com/0xacb/status/2016913750557651228"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Third Party Advisory"], "url": "https://depthfirst.com/post/1-click-rce-to-steal-your-moltbot-data-and-keys"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-669"}], "source": "cve@mitre.org", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-18T00:50:51.089746+00:00", "value": {"mitigation_remediation": ["Upgrade the OpenClaw installation to version 2026.1.29 or later, which removes the automatic WebSocket connection for unauthenticated gateway URLs.", "If an upgrade is not immediately possible, add input validation to the gatewayUrl query parameter so that only URLs from a trusted list of domains can be processed.", "Disable or block outbound WebSocket traffic (ws:// and wss:// schemes) from the OpenClaw service unless explicitly required, to prevent accidental connections to malicious servers.", "Monitor outbound network activity from OpenClaw instances for unexpected WebSocket connections and investigate any anomalies."], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "The affected product is OpenClaw, shipped as OpenClaw (clawdbot or Moltbot). Only installations running a pre\u20112026.1.29 release are vulnerable.", "description_and_impact": "OpenClaw (clawdbot or Moltbot) binaries older than version 2026.1.29 automatically read a gatewayUrl value from a query string and establish a WebSocket connection to that URL without user confirmation, sending an authentication token in the process. This behaviour allows a remote attacker to supply a malicious WebSocket endpoint, receive the token, and potentially exfiltrate data or execute code on the client. The flaw is a CWE\u2011669 error: improper validation of user input in a security\u2011critical operation.", "risk_and_exploitability": "The vulnerability carries a CVSS score of 8.8, indicating a high\u2011severity risk, but the EPSS score is well below 1%, suggesting that real\u2011world exploitation is currently uncommon. The flaw is not included in the CISA KEV catalog. Attackers can trigger it by crafting a URL that includes a gatewayUrl query string pointing to a WebSocket server under their control; the victim\u2019s client will then open the connection automatically, allowing the attacker to capture the token and communicate with the client. Because the vulnerability relies on client\u2011side processing of a URL, it can be triggered through social\u2011engineering or phishing campaigns."}}}}, "created": "2026-02-02T09:26:32.336307+00:00", "title": "Unvalidated WebSocket Connection Enables Remote Code Execution", "updated": "2026-04-18T01:00:11.626841+00:00", "vendors": ["openclaw", "openclaw$PRODUCT$openclaw"]}