msaleme

2 exploits Active since Feb 2026

CVE-2026-25253 NOMISEC HIGH WORKING POC

OpenClaw <2026.1.29 - Info Disclosure

OpenClaw (aka clawdbot or Moltbot) before 2026.1.29 obtains a gatewayUrl value from a query string and automatically makes a WebSocket connection without prompting, sending a token value.

17 stars

CVSS 8.8

View Code

CVE-2026-25253 NOMISEC HIGH SUSPICIOUS

OpenClaw <2026.1.29 - Info Disclosure

OpenClaw (aka clawdbot or Moltbot) before 2026.1.29 obtains a gatewayUrl value from a query string and automatically makes a WebSocket connection without prompting, sending a token value.

CVSS 8.8

View Code