Researchers disclose rapid exploit chain that let attackers run code via a single malicious web page
theregister.co.uk
Security issues continue to pervade the OpenClaw ecosystem, formerly known as ClawdBot and then Moltbot, as multiple projects patch bot takeover and remote code execution (RCE) exploits.
The initial hype around the renamed OpenClaw has died down somewhat compared to last week, although security researchers say they continue to find holes in a technology designed to make life easier for users, not more onerous.
Mav Levin, founding security researcher at DepthFirst, published details of a one-click RCE exploit chain on Sunday. He claimed the process takes "milliseconds" and requires a victim to visit a single malicious web page.
If an OpenClaw user running a vulnerable version and configuration visited that page, the attacker could mount a cross-site WebSocket hijacking attack, because the polyonymous AI project's server doesn't validate the Origin header on the WebSocket handshake.
This means the OpenClaw server will accept requests from any website. A maliciously crafted webpage ...
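The missing check described above, as an added example written for this page rather than taken from OpenClaw's own server code: a Node.js Origin validation for a WebSocket handshake, with the vulnerable "accept everything" handler beside the hardened one. Every browser-initiated WebSocket handshake carries an Origin header (and the user's cookies for that host), so a server that ignores Origin will happily open a socket for any page the victim visits. The allowlist, the handler names and the sample handshake headers below are assumptions constructed for illustration.

```javascript
// Added example, not OpenClaw's code: Origin validation for a WebSocket
// handshake, the check whose absence enables cross-site WebSocket hijacking.

// Hypothetical allowlist for a locally hosted gateway UI (an assumption).
const ALLOWED_ORIGINS = new Set([
  'http://localhost:3000',
  'http://127.0.0.1:3000',
]);

// Canonicalise an Origin value to scheme://host[:port] so comparisons are
// exact (lower-cased host, default ports dropped). Returns null for anything
// that is not a well-formed origin, including the literal "null" that
// browsers send for opaque origins (sandboxed iframes, data: URLs).
function canonicalOrigin(raw) {
  if (typeof raw !== 'string' || raw === 'null') return null;
  let u;
  try { u = new URL(raw); } catch { return null; }
  if (u.protocol !== 'http:' && u.protocol !== 'https:') return null;
  // A real Origin header never carries a path, query, fragment or userinfo.
  if (u.pathname !== '/' || u.search || u.hash || u.username) return null;
  return u.origin;
}

// VULNERABLE: accepts every Upgrade request, whatever page initiated it.
function acceptUpgradeVulnerable(headers) {
  return (headers['upgrade'] || '').toLowerCase() === 'websocket';
}

// HARDENED: browser handshakes must carry an allowlisted Origin.
// A request with no Origin header comes from a non-browser client (curl,
// a native app) and is not subject to CSWSH, but it must not ride on ambient
// browser credentials either, so it is refused if a Cookie header is present
// and otherwise left to whatever token authentication follows the handshake.
function acceptUpgradeHardened(headers, allowed = ALLOWED_ORIGINS) {
  if ((headers['upgrade'] || '').toLowerCase() !== 'websocket') {
    return { ok: false, reason: 'not a websocket upgrade' };
  }
  const origin = headers['origin'];
  if (origin === undefined) {
    if (headers['cookie']) return { ok: false, reason: 'cookie without origin' };
    return { ok: true, reason: 'non-browser client; token auth still required' };
  }
  const canon = canonicalOrigin(origin);
  if (canon === null) return { ok: false, reason: 'malformed or opaque origin' };
  if (!allowed.has(canon)) return { ok: false, reason: `origin ${canon} not allowlisted` };
  return { ok: true, reason: 'origin allowlisted' };
}

// Constructed handshake headers (lower-cased keys, as Node's http module
// delivers them). "attack" is the page a victim is lured to in the scenario
// above; "lookalike" shows why substring or prefix matching would be wrong.
const SAMPLE_HANDSHAKES = {
  legit:     { upgrade: 'websocket', origin: 'http://localhost:3000', cookie: 'session=abc' },
  attack:    { upgrade: 'websocket', origin: 'https://evil.example', cookie: 'session=abc' },
  lookalike: { upgrade: 'websocket', origin: 'http://localhost.evil.example:3000', cookie: 'session=abc' },
  casing:    { upgrade: 'websocket', origin: 'http://LOCALHOST:3000' },
  opaque:    { upgrade: 'websocket', origin: 'null', cookie: 'session=abc' },
  curl:      { upgrade: 'websocket' },
};

// Run both handlers over every sample and report the decisions.
function evaluateAll(samples = SAMPLE_HANDSHAKES) {
  const out = {};
  for (const [name, h] of Object.entries(samples)) {
    out[name] = {
      vulnerable: acceptUpgradeVulnerable(h),
      hardened: acceptUpgradeHardened(h).ok,
    };
  }
  return out;
}

if (typeof require !== 'undefined' && require.main === module) {
  console.table(evaluateAll());
}
```

Exact matching on the canonicalised origin is the point: `localhost.evil.example` must not pass because it starts with `localhost`, and a mixed-case or default-port variant of a real origin must not fail. Origin validation on its own is still only one layer; a gateway that is reachable beyond loopback, or that treats the browser session cookie as the only credential, needs a per-connection token as well.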
Copyright of this story solely belongs to theregister.co.uk.

