High-Severity OpenClaw Bug Enables Remote Code Execution

A recently disclosed security flaw in OpenClaw, formerly known as Clawdbot and Moltbot, poses a significant threat to users. The vulnerability, tracked as CVE-2026-25253 with a CVSS score of 8.8, allows for remote code execution (RCE) through a maliciously crafted link.

The issue has been classified as a token exfiltration vulnerability, which can have severe consequences if exploited. The vulnerability has been fixed in version 2026.1.29, released on January 30, 2026.

  • CVE-2026-25253: The vulnerability's identifier; it carries a high CVSS score of 8.8.
  • Token Exfiltration: The class of vulnerability that leads to RCE.
  • Version 2026.1.29: The OpenClaw release that fixes the vulnerability.

Users should update to the latest version of OpenClaw to prevent exploitation of this vulnerability. The severity of this bug underscores the importance of keeping software up to date and being cautious when interacting with links from unknown sources.

Security is a process, not a product.

Bruce Schneier