Summary
CVE-2026-25593 is a high-severity vulnerability in OpenClaw that allows an unauthenticated local attacker to execute code through the Gateway WebSocket API. Before version 2026.1.20, the config.apply endpoint accepted unsafe cliPath values, so any local client able to reach the WebSocket API could run arbitrary commands with the privileges of the gateway user.
Urgent Actions Required
- Upgrade OpenClaw to version 2026.1.20 or later immediately to remediate the vulnerability.
- Restrict local access to systems running OpenClaw to authorized users only until the patch is applied.
- Review and validate current OpenClaw configurations for any unsafe cliPath values.
- Monitor Gateway WebSocket API activity for unauthorized or suspicious config.apply requests.
Which Systems Are Vulnerable to CVE-2026-25593?
Technical Overview
- Vulnerability Type: Unauthenticated Local RCE via WebSocket config.apply
- Affected Software/Versions: OpenClaw versions prior to 2026.1.20
- CVSS Vector: v3.1
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
- Patch Availability: Yes, available
Unauthenticated Local RCE via WebSocket config.apply · Advisory · openclaw/openclaw · GitHub
How Does the CVE-2026-25593 Exploit Work?
The attack typically follows these steps:
What Causes CVE-2026-25593?
Vulnerability Root Cause:
CVE-2026-25593 is caused by OpenClaw's config.apply WebSocket API accepting configuration input without authentication and insufficiently validating cliPath values. A local client can therefore supply a cliPath that the gateway process later executes, giving an unauthenticated local attacker command execution as the gateway user.
How Can You Mitigate CVE-2026-25593?
If immediate patching is delayed or not possible:
- Restrict access to the OpenClaw WebSocket API from untrusted local users or processes.
- Run OpenClaw in a containerized or isolated environment with minimal privileges.
- Disable the config.apply functionality if it is not essential to operations.
- Validate configuration inputs to ensure cliPath values do not reference unsafe executables.
Which Assets and Systems Are at Risk?
- Asset Types Affected:
- OpenClaw Deployments - Systems running OpenClaw versions earlier than 2026.1.20.
- Local AI Agent Environments - Developer machines or systems where the OpenClaw gateway and its WebSocket API are active.
- Exposure Level:
Local environments where an unauthenticated client can access the OpenClaw WebSocket API.
Will Patching CVE-2026-25593 Cause Downtime?
Patch application impact: Low. Update OpenClaw to 2026.1.20 or later; minimal downtime expected.
Mitigation (if immediate patching is not possible): Restrict WebSocket access to trusted users and disable config.apply if not needed. Full protection requires applying the patch.
How Can You Detect CVE-2026-25593 Exploitation?
Exploitation Signatures:
Look for attempts to use the OpenClaw Gateway WebSocket API to invoke config.apply with unusual or unsafe cliPath values. Repeated or unexpected config writes may indicate an active exploitation attempt.
Indicators of Compromise (IOCs/IOAs):
- Unauthorized modifications to gateway configuration via WebSocket.
- Unexpected command execution as the gateway user.
- Attempts to write unsafe cliPath values.
Behavioral Indicators:
- Config changes occurring without authenticated local access.
- Gateway executing commands derived from malicious config entries.
Alerting Strategy:
- Priority: Critical
- Trigger alerts for:
Repeated or suspicious config.apply requests from local clients.
Remediation & Response
- Rollback Plan:
If issues occur after upgrading, revert to the previous deployment configuration while restricting access to the OpenClaw WebSocket API until the update can be reapplied.
- Incident Response Considerations:
- Review gateway configuration changes made through the WebSocket API.
- Investigate for any unauthorized configuration updates involving config.apply or suspicious cliPath values.
- Apply the fixed version and monitor for further attempts to modify the gateway configuration.
CVSS Breakdown Table
| Metric | Value | Description |
|---|---|---|
| Base Score | 8.4 | High-severity vulnerability that can allow command execution through the OpenClaw gateway |
| Attack Vector | Local | The attack requires access from a local client interacting with the gateway’s WebSocket API |
| Attack Complexity | Low | Exploitation does not require complex conditions once local access is available |
| Privileges Required | None | The vulnerability can be triggered without authentication |
| User Interaction | None | No user action is needed for the attack to succeed |
| Scope | Unchanged | The impact remains within the vulnerable OpenClaw component |
| Confidentiality Impact | High | Command execution as the gateway user exposes anything that account can read, including the gateway configuration |
| Integrity Impact | High | Attackers can modify the configuration and execute commands as the gateway user |
| Availability Impact | High | Command execution could disrupt or affect the operation of the gateway |