OpenClaw Remote Code Execution

  • AI Assistant Security: OpenClaw One-Click Remote Code Execution Vulnerability

    In early 2026, OpenClaw, an open source AI agent, was found to have a high-risk One-Click Remote Code Execution (One-Click RCE) vulnerability (CVE-2026-25253). The vulnerability stems from a design flaw in its Control UI: by tricking a user into clicking a crafted malicious link, an attacker can steal an authentication token with elevated privileges and ultimately execute arbitrary code on the victim's device. This article analyzes the principle of the vulnerability, the attack chain, and the exploitation code (POC/EXP), and provides the corresponding fixes.

    February 3, 2026