BTC $71,807
2026 Bull Run Is Building Start trading with 5% OFF all fees
Sign Up Now
BTC $71,807
Bull Run 2026 | 5% Off Fees Open your Binance account today
Sign Up

OpenClaw AI Assistant Patched for Critical 1-Click RCE Flaw

OpenClaw AI Assistant vulnerability allows one-click remote code execution and host takeover.

  • A critical flaw in the popular AI assistant OpenClaw allows attackers to execute remote code via a single malicious link.
  • The vulnerability, patched on January 30, 2026, enabled complete system compromise by exfiltrating authentication tokens.
  • With over 149,000 GitHub stars, the locally-run software was vulnerable even when configured to listen only on localhost.
  • The one-click exploit chain could bypass critical safety sandboxes to run commands directly on a victim’s host machine.

A severe security vulnerability in the widely-used AI assistant OpenClaw was patched on January 30, 2026, allowing remote code execution through a crafted link. The flaw, tracked as CVE-2026-25253 with a high CVSS score of 8.8, could lead to full gateway compromise.

- Advertisement -

According to an advisory by creator Peter Steinberger, the Control UI auto-connected using an untrusted query parameter. Consequently, clicking a malicious link could send a gateway token to an attacker-controlled server.

Discovered by Mav Levin of depthfirst, the exploit chain achieved RCE milliseconds after visiting a webpage. Levin detailed how the attack bypassed localhost restrictions via cross-site WebSocket hijacking.

The attacker could then disable user confirmations and escape the safety container. “This forces the agent to run commands directly on the host machine, not inside a Docker container,” Levin said.

Steinberger noted the vulnerability impacted any deployment where a user was authenticated. Meanwhile, the open-source project, which promises user data sovereignty, had gained rapid popularity since its November 2025 release.

- Advertisement -

✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.

Previous Articles:

- Advertisement -
Ad
Altseason Is Loading. Don't watch from the sidelines.
SOL $90.51
DOGE $0.0963
LINK $9.02
SUI $1.00
5% off fees when you sign up
Start Trading
Ad
Pay Less on Every Trade. For Life.
$10K/mo volume Save $60/yr
$50K/mo volume Save $300/yr
$100K/mo volume Save $600/yr
5% off all trading fees when you sign up
Claim Your Discount

Latest News

Saylor’s ‘Orange Dots’ Signal Fails to Clarify Bitcoin Strategy

Strategy founder Michael Saylor posted a cryptic signal on Sunday, prompting analysts to call...

Crypto’s $2T Crash Awaits BlackRock Shock & FOMO

Bitcoin has stabilized near $60,000 after a downturn erased $2 trillion from the crypto...

Cambridge: Ethereum Energy Intensity Low, Overall Use High

Ethereum consumes roughly 7.87 GWh annually, the second-lowest energy intensity per market value among...

Saylor and Back oppose BIP-110 fork over Bitcoin security fears

Michael Saylor and Adam Back have publicly opposed BIP-110, a temporary Bitcoin fork proposal...

China, India groups target Pakistani police in cyber espionage

Suspected China- and India-aligned threat actors targeted Pakistani law enforcement in a sustained cyber...

Must Read

18 Countries With No Privacy Laws According To UN (List)

Privacy laws are legal frameworks designed to protect personal data from unauthorized access, misuse, or disclosure.Lack of privacy laws can lead to misuse of...
Ad
Altseason Is Loading. These 4 coins are trending right now.
SOL $92.12
DOGE $0.0950
LINK $9.02
SUI $1.02
5% off spot fees when you sign up
Start Trading