{"uuid": "4c6b2c29-026d-4b1e-87a4-23aef32670e6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-25253", "type": "seen", "source": "https://t.me/brutsecurity/2530", "content": "\ud83d\udea8 CVE-2026-25253: OpenClaw Logical Flaw\n\nCritical Token Leakage via Unsanitized WebSocket Redirect!\nAn attacker crafts a malicious URL containing a controlled gatewayUrl query parameter and embedded token, causing OpenClaw to silently establish a WebSocket connection to the attacker-controlled endpoint and exfiltrate the sensitive token without user interaction or consent.\n\nFull Vulnerability Details &amp; Analysis at DarkEye:\n\ud83d\udd17 https://darkeye.org/vuln/cve/CVE-2026-25253\n\n\ud83d\udd0d Identify Targets via ZoomEye:\n\nFilter: vul.cve=\"CVE-2026-25253\"\nSearch Dork: app=\"OpenClaw\"\nExposure: 33k+ instances identified globally.\n\nZoomEye Search Link:\n\ud83d\udc49 https://www.zoomeye.ai/searchResult?q=YXBwPSJPcGVuQ2xhdyI=&amp;utm_source=twitter&amp;utm_medium=social&amp;utm_campaign=cve_ops_20260213", "creation_timestamp": "2026-07-09T03:00:05.774416Z"}