PromptRiskDBThreat intelligence atlas

CVE-2026-25253

AI Vulnerability Context

OpenClaw (aka clawdbot or Moltbot) before 2026.1.29 obtains a gatewayUrl value from a query string and automatically makes a WebSocket connection without prompting, sending a token value.

Overview

A source-backed snapshot of this vulnerability.

CISA KEVnoWhether CISA lists this as exploited.
Techniques0AI attack methods connected to this vulnerability.
Case studies1Examples where this vulnerability is mentioned.

Vulnerability status

How serious this vulnerability is and whether it is known to be exploited.

not in CISA KEVHIGH
CVE ID
CVE-2026-25253
CVSS v3
8.8

Exploit context

What the vulnerability is about.

No description available. The source record only contains identifiers and metadata.

Source evidence

Original public records and references for this page.

Original source

Original source links

Open the public records and source datasets used for this page.