OpenClaw Bug Enables One-Click Remote Code Execution via Malicious Link - The Hacker News
A high-severity vulnerability in OpenClaw, tracked as CVE-2026-25253, allows one-click remote code execution (RCE) via a crafted malicious link. The exploit leverages a cross-site WebSocket hijacking flaw to exfiltrate authentication tokens, enabling an attacker to bypass authentication, disable security features, and execute arbitrary commands on the underlying host system.