OpenClaw AI Agent Vulnerability Enables One-Click Remote Code Execution
CVE-2026-25253 (CVSS 8.8) allows attackers to steal authentication tokens and achieve RCE through a single malicious link via cross-site WebSocket hijacking—even on localhost-only OpenClaw instances.