CVE-2026-25593
OpenClaw vulnerable to Unauthenticated Local RCE via WebSocket config.apply
Description
### Summary

An unauthenticated local client could use the Gateway WebSocket API to write config via `config.apply` and set unsafe `cliPath` values that were later used for command discovery, enabling command injection as the gateway user.

### Impact

A local process on the same machine could execute arbitrary commands as the gateway process user.

### Details

- `config.apply` accepted raw JSON and wrote it to disk after schema validation.
- `cliPath` values were not constrained to safe executable names/paths.
- Command discovery used a shell invocation when resolving executables.

### Mitigation

Upgrade to a patched release. If projects cannot upgrade immediately, set `gateway.auth` and avoid custom `cliPath` values.
How to fix CVE-2026-25593
To remediate CVE-2026-25593, upgrade the affected package to a fixed version listed below.
- Upgrade to 2026.1.20 or later
Is CVE-2026-25593 being exploited?
Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 2026.1.20 (every version before 2026.1.20)
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 8.4 | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |