
How CVE-2026-25253 exposed every OpenClaw user to RCE — and how to fix it in one command
CVE-2026-25253 scored 8.8 on the CVSS scale. It let any website steal your OpenClaw auth token and get remote code execution on your machine through a single malicious link. You didn't have to click anything suspicious. You just had to visit a webpage while OpenClaw was running.

This is the attack surface problem with autonomous AI agents — and CVE-2026-25253 is just the most visible example.

Why AI agents are uniquely dangerous

Traditional software has a clear boundary between the application and the outside world. AI agents don't. An OpenClaw agent can:

- Execute arbitrary shell commands
- Control a browser and interact with any website
- Read and write files anywhere on your system
- Send emails and messages on your behalf
- Install new skills from external registries

All of this happens autonomously. The agent decides what to do based on instructions — and those instructions can come from anywhere: a webpage it visits, a document it reads, an email it processes, a skill it installs. This cre
Continue reading on Dev.to



