Ckokoski

1 exploit Active since Feb 2026
CVE-2026-25253 NOMISEC HIGH WRITEUP
OpenClaw <2026.1.29 - Info Disclosure
OpenClaw (aka clawdbot or Moltbot) before 2026.1.29 obtains a gatewayUrl value from a query string and automatically makes a WebSocket connection without prompting, sending a token value.
CVSS 8.8