‼️ OpenClaw, also known by Moltbot and ClawdBot, recently patched a 1-Click RCE via Authentication Token Exfiltration From gatewayUrl
CVSS: 8.8
Advisory: https://github.com/openclaw/openclaw/security/advisories/GHSA-g8p2-7wf7-98mq
Writeup: https://depthfirst.com/post/1-click-rce-to-steal-your-moltbot-data-and-keys
All versions up to v2026.1.24-1 are vulnerable.
Video: Ethiack
CVSS: 8.8
Advisory: https://github.com/openclaw/openclaw/security/advisories/GHSA-g8p2-7wf7-98mq
Writeup: https://depthfirst.com/post/1-click-rce-to-steal-your-moltbot-data-and-keys
All versions up to v2026.1.24-1 are vulnerable.
Video: Ethiack