Find real vulnerabilities before they ship
Vulnerability Database › npm › CVE-2026-25253
OpenClaw (aka clawdbot or Moltbot) before 2026.1.29 obtains a gatewayUrl value from a query string and automatically makes a WebSocket connection without prompting, sending a token value.
Base Score