OpenClaw Faces One-Click RCE And Data Exposure
Security researchers disclosed multiple vulnerabilities in the OpenClaw ecosystem on and around Jan. 31–Feb. 1, 2026, including a one-click remote code execution (RCE) exploit and an exposed Moltbook database. The RCE chain exploited an unvalidated WebSocket origin header to steal tokens and trigger commands; project maintainers and contributors confirmed patches and remediation. Practitioners are urged to apply fixes and rotate exposed keys immediately.
Key Points
- 1Discovered one-click RCE exploiting WebSocket origin header flaw enabling cross-site hijacking against vulnerable OpenClaw instances.
- 2Demonstrate attackers can steal authentication tokens, disable sandboxing, and execute remote code in milliseconds.
- 3Advise practitioners to validate WebSocket origins, rotate exposed API keys, and audit agent-linked services immediately.
Scoring Rationale
Confirmed, actionable vulnerability disclosures and timely patches increase impact, but effects remain limited to OpenClaw/Moltbook ecosystem.
Sources
Public references used for this report.
Practice with real Retail & eCommerce data
90 SQL & Python problems · 15 industry datasets
250 free problems · No credit card
See all Retail & eCommerce problems

