CVE-2026-25253

8.8 HIGH

📋 TL;DR

OpenClaw (formerly known as clawdbot and then Moltbot) versions before 2026.1.29 read a gatewayUrl value from the page's query string and automatically open a WebSocket connection to it, sending the gateway authentication token, without asking the user. An attacker who gets a victim to open a crafted link therefore receives the token at a gateway endpoint they control, which can lead to remote code execution and theft of sensitive data. All users of vulnerable OpenClaw installations are affected.
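To make the flaw concrete, here is an added illustration (not OpenClaw's code) of the vulnerable pattern next to a hardened one. The function names, the default gateway address, the allowlist and the `confirm` callback are assumptions for this example; a fake connect function records what would have been sent instead of opening a real socket, so it runs offline.

```javascript
// Added illustration (not OpenClaw's code). Default gateway address,
// function names and the allowlist are assumptions for this example.
const DEFAULT_GATEWAY = 'ws://127.0.0.1:18789';

// Stand-in for opening a WebSocket: records the target and the token that
// would have been sent, so the behaviour can be checked without a network.
function fakeConnect(url, token) {
  return { url: url.toString(), sentToken: token };
}

// VULNERABLE pattern: trust gatewayUrl from the page URL and connect at once,
// sending the auth token to whatever host the link names.
function connectVulnerable(pageUrl, token) {
  const params = new URL(pageUrl).searchParams;
  const target = params.get('gatewayUrl') || DEFAULT_GATEWAY;
  return fakeConnect(new URL(target), token);
}

// HARDENED pattern: auto-connect only to an allowlisted gateway origin;
// reject non-WebSocket schemes; for any other origin, ask the user first
// and send nothing until they agree.
function connectHardened(pageUrl, token, allowedOrigins, confirm) {
  const params = new URL(pageUrl).searchParams;
  const raw = params.get('gatewayUrl');
  if (raw === null) return fakeConnect(new URL(DEFAULT_GATEWAY), token);

  let target;
  try {
    target = new URL(raw);
  } catch {
    return { refused: 'unparseable gatewayUrl' };
  }
  if (target.protocol !== 'ws:' && target.protocol !== 'wss:') {
    return { refused: `unsupported scheme ${target.protocol}` };
  }
  if (allowedOrigins.includes(target.origin)) {
    return fakeConnect(target, token);
  }
  // Unknown gateway: explicit consent before the token leaves the client.
  if (!confirm(target.origin)) {
    return { refused: `user declined ${target.origin}` };
  }
  return fakeConnect(target, token);
}

// Demo with a constructed crafted link (attacker.example is a placeholder).
const craftedLink = 'https://ui.example/?gatewayUrl=wss://attacker.example/gw';
console.log(connectVulnerable(craftedLink, 'secret-token'));
console.log(connectHardened(craftedLink, 'secret-token',
  [DEFAULT_GATEWAY], () => false));
```

The point of the hardened variant is that the token is only ever handed to `fakeConnect` after the origin has passed the allowlist or the user has confirmed it; a `javascript:` or `http:` value is rejected before either check.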

💻 Affected Systems

Products:
  • OpenClaw (also distributed under the earlier names clawdbot and Moltbot)
Versions: All versions before 2026.1.29
Operating Systems: All platforms running OpenClaw
Default Config Vulnerable: ⚠️ Yes
Notes: Any deployment using the vulnerable WebSocket connection functionality is affected regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise via remote code execution, leading to data theft, credential harvesting, and lateral movement within the network.

🟠 Likely Case

Theft of the gateway authentication token and unauthorized access to sensitive OpenClaw data, potentially enabling account takeover and data exfiltration.

🟢 If Mitigated

Limited impact with proper network segmentation and access controls, though token exposure remains a concern.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires only that a victim open a crafted link carrying an attacker-controlled gatewayUrl; no authentication with the target is needed, making this a one-click attack vector.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2026.1.29

Vendor Advisory: https://github.com/openclaw/openclaw/security/advisories/GHSA-g8p2-7wf7-98mq

Restart Required: Yes

Instructions:

1. Update OpenClaw to version 2026.1.29 or later.
2. Restart the OpenClaw service.
3. Verify the update was successful.

🔧 Temporary Workarounds

Disable automatic WebSocket connections (all platforms)

Do not let the client open a WebSocket to a gatewayUrl taken from the query string without user confirmation. This page does not name a configuration option for this; how to achieve it depends on the specific deployment.

Network isolation (all platforms)

Restrict both inbound access to OpenClaw instances and outbound WebSocket egress from the hosts running the client, using firewall rules. Because the token is sent outbound to the attacker-chosen gatewayUrl, blocking inbound connections alone does not stop the token leaking.

🧯 If You Can't Patch

  • Isolate OpenClaw instances in a restricted network segment with no internet access
  • Validate the gatewayUrl query parameter against an allowlist of expected gateway origins and reject any ws:/wss: target outside it, rather than relying on generic sanitization

🔍 How to Verify

Check if Vulnerable:

Confirm whether the installed OpenClaw version is earlier than 2026.1.29. Any such version automatically establishes WebSocket connections from a query-string gatewayUrl.

Check Version:

Run `openclaw --version`, or check the installed version with your package manager.

Verify Fix Applied:

Confirm OpenClaw version is 2026.1.29 or later and test that WebSocket connections require user confirmation.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected WebSocket connection attempts
  • Requests whose query string carries a gatewayUrl value pointing at a host other than the expected gateway
  • Gateway authentication tokens presented from an unexpected client or source address

Network Indicators:

  • Unusual WebSocket traffic to external domains
  • Outbound connections initiated without user interaction

SIEM Query:

source="openclaw" AND (event="websocket_connection" OR query_string="*gatewayUrl*")
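As an added example of the detection logic (not OpenClaw tooling), the following script flags access-log lines whose gatewayUrl parameter is unparseable, not a WebSocket URL, or points at an origin other than the expected gateway. The log line format, the expected gateway origin and the sample lines are constructed for this example.

```javascript
// Added example, not OpenClaw tooling. The log format ("<ts> <method> <path>
// <status>"), the expected origin and the sample lines are constructed.
const EXPECTED_GATEWAY_ORIGINS = new Set(['ws://127.0.0.1:18789']);

const SAMPLE_LOG = [
  '2026-01-30T10:01:02Z GET /?gatewayUrl=ws://127.0.0.1:18789 200',
  '2026-01-30T10:02:15Z GET /?gatewayUrl=wss%3A%2F%2Fattacker.example%2Fgw&token=abc 200',
  '2026-01-30T10:03:44Z GET /static/app.js 200',
  '2026-01-30T10:04:09Z GET /?gatewayUrl=javascript:alert(1) 200',
];

// Returns one finding per line whose gatewayUrl is not an expected gateway.
function findSuspiciousGatewayUrls(lines, expectedOrigins = EXPECTED_GATEWAY_ORIGINS) {
  const findings = [];
  for (const line of lines) {
    const parts = line.split(' ');
    if (parts.length < 4) continue; // not in the assumed format
    const [ts, , path] = parts;

    // Resolve against a placeholder base so relative request paths parse.
    let request;
    try {
      request = new URL(path, 'http://log-placeholder');
    } catch {
      continue;
    }
    const raw = request.searchParams.get('gatewayUrl'); // percent-decoded
    if (raw === null) continue;

    let reason = null;
    let target;
    try {
      target = new URL(raw);
    } catch {
      reason = 'unparseable gatewayUrl';
    }
    if (reason === null) {
      if (target.protocol !== 'ws:' && target.protocol !== 'wss:') {
        reason = `non-websocket scheme ${target.protocol}`;
      } else if (!expectedOrigins.has(target.origin)) {
        reason = `unexpected gateway origin ${target.origin}`;
      }
    }
    if (reason !== null) findings.push({ ts, gatewayUrl: raw, reason });
  }
  return findings;
}

for (const f of findSuspiciousGatewayUrls(SAMPLE_LOG)) {
  console.log(`${f.ts} gatewayUrl=${f.gatewayUrl} (${f.reason})`);
}
```

Comparing on the parsed origin rather than on a substring match means percent-encoded values, alternative ports and non-WebSocket schemes are all caught, and the expected gateway itself is not reported. The set of expected origins is the one value you must tune per deployment.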
