Critical Authentication Bypass Flaw in ClawDBot Enables Remote Code Execution
A high-severity vulnerability (GHSA-g8p2-7wf7-98mq) in ClawDBot, a widely used npm package, allows attackers to bypass authentication and achieve remote code execution (RCE) via a single malicious link. The flaw affects versions up to v2026.1.28 and stems from inadequate validation of the gatewayUrl parameter in the Control UI.
Exploitation Mechanism
The vulnerability exploits automatic WebSocket connections initiated on page load, which transmit stored gateway authentication tokens to the specified endpoint without validation. Attackers can craft a malicious URL or phishing site containing a controlled gatewayUrl and trick users into clicking it. When an authenticated victim opens the link, the token is automatically exfiltrated to the attacker's server; no further interaction is required.
Once compromised, the token grants operator-level access to the victim's gateway API, enabling arbitrary configuration changes, sandbox modifications, and ultimately RCE on the host system. The attack is particularly dangerous because it bypasses network isolation: even localhost-only or air-gapped instances remain vulnerable if users interact with external links.
Impact & Mitigation
The vendor has patched the issue in ClawDBot v2026.1.29, introducing mandatory user confirmation for new gateway URLs to prevent automatic token transmission. Organizations are urged to upgrade immediately and audit logs for suspicious activity, including:
- Unauthorized WebSocket connections to external infrastructure.
- Unexpected gateway configuration changes.
Additional defenses include egress filtering and deploying ClawDBot behind proxy servers with URL validation. The flaw highlights the risks of automatic token transmission and insufficient parameter validation in authentication workflows.
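The following is an added example, not ClawDBot's own code, showing how the page-load path described above can be gated so that a stored gateway token is never sent to a gatewayUrl taken from the query string unless that gateway origin is the one that served the UI or one the user has explicitly confirmed, which is the mitigation the patched release is described as introducing. All function and variable names (gatewayOrigin, decideGatewayConnect, openGatewaySession, trustedGateways) are hypothetical.

```javascript
// Added example, not ClawDBot's code: a gate that decides whether a Control UI
// may open a WebSocket to a gatewayUrl taken from the page's query string and
// send the stored gateway token over it. The advisory's fix is "confirm new
// gateway URLs before sending the token"; this is one way to encode that rule.
// All names here (decideGatewayConnect, openGatewaySession, etc.) are hypothetical.

const ALLOW = "allow";     // gateway already trusted: connect without prompting
const CONFIRM = "confirm"; // new gateway origin: user must confirm first
const REJECT = "reject";   // malformed or non-WebSocket URL: never connect

// Reduce a gateway URL to its trust unit (scheme + host + port); path and
// query are irrelevant to who receives the token. Returns null if unusable.
function gatewayOrigin(rawUrl) {
  let u;
  try { u = new URL(rawUrl); } catch { return null; }
  if (u.protocol !== "ws:" && u.protocol !== "wss:") return null;
  return `${u.protocol}//${u.host}`;
}

// pageOrigin is location.origin of the UI (e.g. "http://127.0.0.1:18789");
// the gateway that served the UI is implicitly trusted. trustedGateways is a
// Set of origins the user has confirmed in earlier sessions.
function decideGatewayConnect(rawUrl, pageOrigin, trustedGateways) {
  const origin = gatewayOrigin(rawUrl);
  if (origin === null) return REJECT;
  if (origin === pageOrigin.replace(/^http/, "ws")) return ALLOW;
  if (trustedGateways.has(origin)) return ALLOW;
  return CONFIRM;
}

// Page-load path. `confirm` is injected (in a browser it would be a modal
// prompt); `sendToken` stands in for the WebSocket handshake that carries the
// token. Returns what happened so the decision can be logged and tested.
function openGatewaySession(rawUrl, pageOrigin, trustedGateways, token,
                            confirm, sendToken) {
  const decision = decideGatewayConnect(rawUrl, pageOrigin, trustedGateways);
  if (decision === REJECT) return { decision, tokenSent: false };
  if (decision === CONFIRM) {
    const origin = gatewayOrigin(rawUrl);
    if (!confirm(origin)) return { decision, tokenSent: false };
    trustedGateways.add(origin); // remember the explicit user decision
  }
  sendToken(gatewayOrigin(rawUrl), token);
  return { decision, tokenSent: true };
}
```

The same decision record is what an audit log would capture for the "unexpected gateway" checks listed above: a CONFIRM outcome for an origin outside the deployment is the event worth alerting on.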
Source: https://cyberpress.org/1-click-clawdbot-vulnerability/
Cua (YC X25) cybersecurity rating report: https://www.rankiteo.com/company/cua-ai
"id": "CUA1770021700",
"linkid": "cua-ai",
"type": "Vulnerability",
"date": "1/2026",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'industry': 'Software/Technology',
'name': 'ClawDBot',
'type': 'npm package'}],
'attack_vector': 'Malicious link/phishing site, WebSocket token exfiltration',
'data_breach': {'data_exfiltration': 'Yes (tokens transmitted to '
'attacker-controlled server)',
'sensitivity_of_data': 'High (operator-level access)',
'type_of_data_compromised': 'Authentication tokens'},
'description': 'A high-severity vulnerability (GHSA-g8p2-7wf7-98mq) in '
'ClawDBot, a widely used npm package, allows attackers to '
'bypass authentication and achieve remote code execution (RCE) '
'via a single malicious link. The flaw affects versions up to '
'v2026.1.28 and stems from inadequate validation of the '
'`gatewayUrl` parameter in the Control UI. The vulnerability '
'exploits automatic WebSocket connections initiated on page '
'load, which transmit stored gateway authentication tokens to '
'the specified endpoint without validation. Attackers can '
'craft a malicious URL or phishing site containing a '
'controlled `gatewayUrl`, tricking users into clicking it. '
'When accessed by an authenticated victim, the token is '
'automatically exfiltrated to the attacker’s server. Once '
'compromised, the token grants operator-level access to the '
'victim’s gateway API, enabling arbitrary configuration '
'changes, sandbox modifications, and ultimately RCE on the '
'host system.',
'impact': {'data_compromised': 'Gateway authentication tokens',
'operational_impact': 'Arbitrary configuration changes, sandbox '
'modifications, RCE on host system',
'systems_affected': 'ClawDBot (versions up to v2026.1.28)'},
'lessons_learned': 'Risks of automatic token transmission and insufficient '
'parameter validation in authentication workflows',
'post_incident_analysis': {'corrective_actions': 'Mandatory user confirmation '
'for new gateway URLs, '
'egress filtering, proxy '
'servers with URL validation',
'root_causes': 'Inadequate validation of '
'`gatewayUrl` parameter, automatic '
'WebSocket token transmission'},
'recommendations': 'Upgrade to patched version (v2026.1.29), implement egress '
'filtering, deploy behind proxy servers with URL '
'validation, audit logs for suspicious activity',
'references': [{'source': 'GitHub Advisory'}],
'response': {'containment_measures': 'Upgrade to ClawDBot v2026.1.29, audit '
'logs for suspicious activity',
'enhanced_monitoring': 'Audit logs for unauthorized WebSocket '
'connections and unexpected gateway '
'configuration changes',
'remediation_measures': 'Mandatory user confirmation for new '
'gateway URLs, egress filtering, proxy '
'servers with URL validation'},
'title': 'Critical Authentication Bypass Flaw in ClawDBot Enables Remote Code '
'Execution',
'type': 'Authentication Bypass, Remote Code Execution (RCE)',
'vulnerability_exploited': 'Inadequate validation of `gatewayUrl` parameter '
'in ClawDBot Control UI (GHSA-g8p2-7wf7-98mq)'}