Security Advisory

CVE-2026-25253

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-02-01 22:34:17

Last updated 2026-02-03 15:32:57

Assigner mitre

State PUBLISHED

Description

OpenClaw (aka clawdbot or Moltbot) before 2026.1.29 obtains a gatewayUrl value from a query string and automatically makes a WebSocket connection without prompting, sending a token value.

← Browse all CVEs View on cve.org ↗