A critical token-exfiltration vulnerability (CVE-2026-25253, CVSS 8.8) in OpenClaw lets an attacker steal a gateway token via a crafted link and gain operator-level access to a victim's local gateway. By exploiting a lack of WebSocket origin validation and the Control UI trusting gatewayUrl, an attacker can disable approvals, escape sandboxing and achieve one-click remote code execution; the issue is fixed in OpenClaw 2026.1.29. #OpenClaw #CVE-2026-25253
Key points
- CVE-2026-25253 is a token exfiltration flaw that leads to full gateway compromise and is rated CVSS 8.8.
- The Control UI trusts gatewayUrl from the query string and auto-connects, sending stored gateway tokens in the WebSocket payload.
- OpenClaw does not validate the WebSocket origin header, enabling cross-site WebSocket hijacking from a malicious webpage.
- An attacker can disable exec approvals and set tools.exec.host to gateway to escape containers and achieve one-click RCE.
- The issue affects authenticated Control UI users even on loopback, was discovered by Mav Levin, and fixed in OpenClaw 2026.1.29 (Jan 30, 2026).
Read More: https://thehackernews.com/2026/02/openclaw-bug-enables-one-click-remote.html