5 matches found

CVE
added 2026/02/19 10:33 p.m., 6 views

CVE-2026-26322

CVE-2026-26322 affects the OpenClaw AI assistant. Prior to version 2026.2.14, the Gateway tool allowed a tool-supplied gatewayUrl to pass without proper restriction, enabling outbound WebSocket connections from the OpenClaw host to user-specified targets when a caller can invoke tools with gatewa...

CVSS: 7.6 | AI score: 5.7 | EPSS: 0.00019
Exploits: 0 | References: 3 | Affected Software: 1
Vulnrichment
added 2026/02/19 10:33 p.m., 2 views

CVE-2026-26322 OpenClaw Gateway tool allowed unrestricted gatewayUrl override

OpenClaw is a personal AI assistant. Prior to OpenClaw version 2026.2.14, the Gateway tool accepted a tool-supplied gatewayUrl without sufficient restrictions, which could cause the OpenClaw host to attempt outbound WebSocket connections to user-specified targets. This requires the ability to...

CVSS: 7.6 | AI score: 5.7 | EPSS: 0.00019
Exploits: 0 | References: 3
ATTACKERKB
added 2026/02/19 10:33 p.m., 1 view

CVE-2026-26322

OpenClaw is a personal AI assistant. Prior to OpenClaw version 2026.2.14, the Gateway tool accepted a tool-supplied gatewayUrl without sufficient restrictions, which could cause the OpenClaw host to attempt outbound WebSocket connections to user-specified targets. This requires the ability to...

CVSS: 7.6 | AI score: 5.7 | EPSS: 0.00019
Exploits: 0 | References: 4 | Affected Software: 1
GitHub Security Blog
added 2026/02/02 12:30 a.m., 4 views

Duplicate Advisory: 1-Click RCE via Authentication Token Exfiltration From gatewayUrl

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-g8p2-7wf7-98mq. This link is maintained to preserve external references. Original Description: OpenClaw (aka clawdbot or Moltbot) before 2026.1.29 obtains a gatewayUrl value from a query string and automatically...

CVSS: 8.8 | AI score: 5.6 | EPSS: 0.00121
Exploits: 5 | References: 5 | Affected Software: 1
Snyk
added 2026/01/30 10:0 p.m., 1 view

Credential Exposure

Overview: clawdbot is a WhatsApp gateway CLI Baileys web with Pi RPC agent. Affected versions of this package are vulnerable to Credential Exposure in the form of gateway query parameter hook tokens being sent in websocket responses. An attacker who convinces a user to follow a link with a maliciou...

CVSS: 8.8 | AI score: 6.4 | EPSS: 0.00121
Exploits: 5 | References: 2