CVE-2026-25253
WebSocket Hijacking via Malicious Skill
What this means in plain English
A malicious skill can read and alter the messages exchanged between your other agents and the AI models they talk to. Because the bug sits in how OpenClaw routes WebSocket traffic, a bad skill could read conversations that were never meant for it, change instructions while they are in flight, or send messages that look as if they came from another agent.
Technical description
A vulnerability in OpenClaw's WebSocket message handling allows a malicious skill to intercept messages belonging to, and inject messages into, other agent sessions that share the same WebSocket connection pool. Messages are not isolated per session on the shared pool, so a skill with WebSocket access gains read and write access to traffic of sessions other than its own, affecting both the confidentiality and the integrity of agent-to-model communication.
Affected versions
< 0.13.2
Fixed in: 0.13.2
Details
Are you affected?
Run `openclaw --version` in your terminal
If your version is below 0.13.2, you are affected
Check whether any installed skill has WebSocket permissions; those are the skills that could exploit this bug, so treat any you do not recognise or do not need as suspect
How to fix
Update OpenClaw: `npm update -g openclaw` (if that does not move you to 0.13.2 or later, install the release explicitly with `npm install -g openclaw@latest`)
Verify version: `openclaw --version` shows 0.13.2 or higher; a 0.13.2 pre-release build (for example `0.13.2-rc.1`) sorts before the fixed release and should still be treated as affected
Audit installed skills with WebSocket access via GitOpenClaw scanner
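The two checks above ("Are you affected?" and the post-update verification) both reduce to comparing the installed version against 0.13.2. The script below, added here as an example and not part of OpenClaw or GitOpenClaw, does that comparison numerically (so 0.13.10 is correctly ordered after 0.13.2) and treats a pre-release of the fixed version as still affected. It assumes only that `openclaw --version` prints a dotted `major.minor.patch` version somewhere in its output; the exact output format is not documented on this page.

```shell
#!/bin/sh
# Added example, not OpenClaw's own tooling: decide whether an installed
# OpenClaw version is below the fixed release named in the advisory.
FIXED_VERSION="0.13.2"

# version_lt A B -> exit status 0 if A < B.
# Compares major.minor.patch numerically. A leading "v" and any "+build"
# metadata are ignored. If the numeric parts are equal, a "-prerelease"
# on A (but not on B) makes A the smaller version, per semver rule 11;
# two pre-releases are treated as equal here (a deliberate simplification).
version_lt() {
    a=$(printf '%s' "$1" | sed 's/^v//; s/+.*$//')
    b=$(printf '%s' "$2" | sed 's/^v//; s/+.*$//')
    a_core=${a%%-*}
    b_core=${b%%-*}
    i=1
    while [ "$i" -le 3 ]; do
        x=$(printf '%s' "$a_core" | cut -d. -f"$i"); x=${x:-0}
        y=$(printf '%s' "$b_core" | cut -d. -f"$i"); y=${y:-0}
        if [ "$x" -lt "$y" ]; then return 0; fi
        if [ "$x" -gt "$y" ]; then return 1; fi
        i=$((i + 1))
    done
    case "$a" in
        *-*) case "$b" in *-*) return 1 ;; *) return 0 ;; esac ;;
    esac
    return 1
}

# is_affected TEXT -> prints "affected", "fixed" or "unknown".
# TEXT may be the raw `openclaw --version` output (assumption: it contains a
# dotted numeric version); the first such version found is used.
is_affected() {
    v=$(printf '%s' "$1" | grep -oE '[0-9]+\.[0-9]+\.[0-9]+([-+][0-9A-Za-z.]+)?' | head -n 1)
    if [ -z "$v" ]; then
        echo "unknown"
        return 2
    fi
    if version_lt "$v" "$FIXED_VERSION"; then
        echo "affected"
        return 0
    fi
    echo "fixed"
    return 1
}

# Usage against the real CLI, when it is installed (skipped otherwise):
# if command -v openclaw >/dev/null 2>&1; then is_affected "$(openclaw --version 2>&1)"; fi
```

The exit status mirrors the printed verdict (0 = affected, 1 = fixed, 2 = version not found), so the function can gate a CI step or a fleet-wide check without parsing its output.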
Scan your skills for this vulnerability
Use GitOpenClaw to scan any skill, repo, or install command for patterns associated with CVE-2026-25253 and other known vulnerabilities. Free, no account required.
References
- https://github.com/openclaw-ai/openclaw/security/advisories/GHSA-xxxx-1