OpenClaw Faces Security Failures Amid Rapid Growth and OpenAI Integration

Severity: High (Score: 67.5)

Sources: Thenextweb, Opentools.Ai

Summary

OpenAI has integrated its ChatGPT subscriptions as the authentication layer for OpenClaw, an open-source AI agent framework with 3.2 million users. This move follows Anthropic's decision to block access to its Claude subscriptions on the same platform. OpenClaw, created by Peter Steinberger, has rapidly gained popularity but has also experienced significant security vulnerabilities. A critical remote code execution vulnerability (CVE-2026-25253) was disclosed on February 1, 2026, allowing attackers to exploit users' local servers through unvalidated WebSockets. An audit revealed 824 malicious entries in OpenClaw's skills marketplace, with over 30,000 instances exposed on the public internet without authentication. Additionally, a breach of Moltbook exposed 1.5 million API tokens and private conversations. Although the vulnerabilities have been patched, many users still run outdated versions. OpenAI's decision to tie its brand to OpenClaw raises concerns about credential security in light of these incidents.

Key Points

  • OpenAI's ChatGPT subscriptions now authenticate OpenClaw, impacting 3.2 million users.
  • CVE-2026-25253 allows remote code execution via unvalidated WebSockets, posing critical risks.
  • Over 30,000 OpenClaw instances are exposed online, and 824 malicious entries were found in its skills marketplace.

Key Entities

  • Data Breach (attack_type)
  • Moltbook (company)
  • AWS (company)
  • CVE-2026-25253 (cve)
  • GitHub (platform)
  • NemoClaw (platform)
  • WebSocket (platform)