CVE-2026-25253

Publication date

2026-02-01 22:34:17

Family

mitre

State

PUBLISHED

Description

OpenClaw (aka clawdbot or Moltbot) before 2026.1.29 obtains a gatewayUrl value from a query string and automatically makes a WebSocket connection without prompting, sending a token value.