Vulnerability Allows Hackers to Hijack OpenClaw AI Assistant - SecurityWeek
A critical token exfiltration vulnerability, tracked as CVE-2026-25253, was discovered in the OpenClaw (Moltbot/Clawdbot) AI assistant. This one-click remote code execution flaw allows attackers to hijack user instances: victims are tricked into visiting a malicious website that steals their authentication tokens, which gives the attacker operator-level access and leads to compromise of the host system.