Critical OpenClaw Vulnerability Enables One-Click Remote Code Execution
A significant security flaw has been identified in OpenClaw, an open-source AI personal assistant utilized by over 100,000 developers. This vulnerability allows attackers to execute remote code on a victim’s system with a single click, requiring no further user interaction.
Technical Details:
OpenClaw’s design grants AI agents extensive access to messaging applications, API keys, and full control over the local machine. While this architecture offers powerful capabilities, it also introduces potential security risks.
The vulnerability arises from a combination of unsafe URL parameter handling and inadequate WebSocket origin validation. Specifically, the application accepts the `gatewayUrl` parameter from the URL without proper validation and stores it in local storage. Upon initialization, OpenClaw connects to this gateway URL, transmitting authentication tokens without verifying the destination’s legitimacy.
Exploitation Process:
1. User Visit: The victim accesses a malicious website crafted by the attacker.
2. Malicious Script Execution: The website’s JavaScript loads OpenClaw with a manipulated `gatewayUrl`.
3. Token Exposure: OpenClaw sends its authentication token to the attacker’s server.
4. WebSocket Connection: A WebSocket connection is established to the victim’s local OpenClaw instance.
5. Security Bypass: The attacker disables OpenClaw’s safety mechanisms.
6. Code Execution: The attacker executes arbitrary commands on the victim’s system.
This sequence enables the attacker to gain full control over the victim’s machine, leading to potential data theft, system manipulation, and further network infiltration.
Mitigation Measures:
The OpenClaw development team has promptly addressed this vulnerability by introducing a confirmation prompt for gateway URL connections, preventing automatic connections without user approval.
Users operating versions prior to v2026.1.24-1 are advised to upgrade immediately to the latest version to mitigate this risk.
Additionally, administrators should rotate authentication tokens and review system logs for any signs of unauthorized access.
