{"id":209248,"date":"2026-02-02T11:28:00","date_gmt":"2026-02-02T16:28:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/02\/02\/openclaw-bug-enables-one-click-remote-code-execution-via-malicious-link\/"},"modified":"2026-02-02T15:15:08","modified_gmt":"2026-02-02T20:15:08","slug":"openclaw-bug-enables-one-click-remote-code-execution-via-malicious-link","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/02\/02\/openclaw-bug-enables-one-click-remote-code-execution-via-malicious-link\/","title":{"rendered":"OpenClaw Bug Enables One-Click Remote Code Execution via Malicious Link"},"content":{"rendered":"

OpenClaw Bug Enables One-Click Remote Code Execution via Malicious Link<\/a><\/p>\n

https:\/\/thehackernews.com\/2026\/02\/openclaw-bug-enables-one-click-remote.html<\/a><\/p>\n

Publish Date: 2026-02-02 11:28:00<\/a><\/p>\n

Source Domain: thehackernews.com<\/a><\/p>\n

\ue804Ravie Lakshmanan<\/span>\ue802Feb 02, 2026<\/span><\/span>Vulnerability \/ Artificial Intelligence<\/span><\/p>\n

A high-severity security flaw has been disclosed in OpenClaw (formerly referred to as Clawdbot and Moltbot) that could allow remote code execution (RCE) through a crafted malicious link.<\/p>\n

The issue, which is tracked as CVE-2026-25253<\/strong> (CVSS score: 8.8), has been addressed in version 2026.1.29 released on January 30, 2026. It has been described as a token exfiltration vulnerability that leads to full gateway compromise.<\/p>\n

“The Control UI trusts gatewayUrl from the query string without validation and auto-connects on load, sending the stored gateway token in the WebSocket connect payload,” OpenClaw’s creator and maintainer Peter Steinberger said in an advisory.<\/p>\n

\"Cybersecurity\"<\/p>\n

“Clicking a crafted link or visiting a malicious site can send the token to an attacker-controlled server. The attacker can then connect to the victim’s local gateway, modify config (sandbox, tool policies), and invoke privileged actions, achieving 1-click RCE.”<\/p>\n

OpenClaw is an open-source autonomous artificial intelligence (AI) personal assistant that runs locally on user devices and integrates with a wide range of messaging platforms. Although initially released in November 2025, the project has gained rapid popularity in recent weeks, with its GitHub repository crossing 149,000 stars as of writing.<\/p>\n

“OpenClaw is an open agent platform that runs on your machine and works from the chat apps you already use,” Steinberger said. “Unlike SaaS assistants where your data lives on someone else’s servers, OpenClaw runs where you choose \u2013 laptop, homelab, or VPS. Your infrastructure. Your keys. Your data.”<\/p>\n

Mav Levin, founding security researcher at depthfirst who is credited with discovering the shortcoming, said it can be exploited to create a one-click RCE exploit chain that takes only milliseconds after a victim visits a single malicious web page.<\/p>\n

The problem is that clicking on the link to that web page is enough to trigger a cross-site…<\/p>\n

Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

OpenClaw Bug Enables One-Click Remote Code Execution via Malicious Link https:\/\/thehackernews.com\/2026\/02\/openclaw-bug-enables-one-click-remote.html Publish Date: 2026-02-02 11:28:00…<\/p>\n","protected":false},"author":1,"featured_media":209249,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEi4fXSwhiW0Eb2lGzmNue91AjKZ-c420l6qWRP0mQkVZWlxxe_Iq0MkDlUYw7GrvFfd2UqhpLGsSYc9H3-o33nWGXEUX_OPcTWpzn3lQNvZTVyzEx1CJw2r2UQMfkFdNiHJF4_x8mLAkOy7st09Siko8G8KTlPyNkVNeLDf2xTKVgCFLnumaeT4v7Q_f27J\/s1700-e365\/openclaw.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[26,20,24,31,27],"class_list":["post-209248","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-ai","tag-artificial-intelligence","tag-cybersecurity","tag-exploit","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/209248"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=209248"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/209248\/revisions"}],"predecessor-version":[{"id":209250,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/209248\/revisions\/209250"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/209249"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=209248"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=209248"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=209248"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}