A high-severity authentication bypass vulnerability has been discovered in ClawDBot, a popular npm package, enabling attackers to achieve remote code execution through a single malicious link.
The flaw stems from insufficient validation of the gateway URL parameter, combined with automatic connection behaviour that exposes authentication tokens to unauthorised actors.
Vulnerability Overview
The vulnerability, identified as GHSA-g8p2-7wf7-98mq, affects ClawDBot versions up to v2026.1.28.
The Control UI accepts a gatewayUrl parameter directly from the query string without validation and automatically initiates a WebSocket connection on page load.
During this connection process, the stored gateway authentication token is transmitted in the connection payload to the specified endpoint.
An attacker can exploit this by crafting a malicious URL or hosting a phishing site that tricks users into clicking links containing a controlled gatewayUrl parameter pointing to attacker infrastructure.
When a victim visits the link while authenticated to the ClawDBot Control UI, their gateway token is automatically exfiltrated to the attacker’s server.
Once the token is compromised, the attacker gains operator-level access to the victim’s gateway API.
This enables arbitrary modifications to gateway configuration, including sandbox settings and tool policies, ultimately leading to full gateway compromise and remote code execution on the host system.
The vulnerability is particularly dangerous because it remains exploitable even on instances configured to listen exclusively on localhost.
Since the victim’s browser initiates the outbound connection to the attacker-controlled server, the gateway’s network isolation provides no protection.
The vendor has addressed this issue in ClawDBot v2026.1.29 by implementing mandatory user confirmation for new gateway URLs in the UI.
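As an added illustration of the kind of client-side gate the fix describes (this is example code, not ClawDBot's own Control UI code), the logic below only auto-connects to a gateway origin the user has already approved; an unapproved gatewayUrl requires explicit confirmation before any token-bearing WebSocket is opened, and malformed or non-WebSocket URLs are refused outright. The default gateway address, the trusted-origin list and the injected openSocket/confirm callbacks are constructed assumptions so the logic runs outside a browser.

```javascript
// Added example, not ClawDBot's code: gate a gatewayUrl query parameter
// before a token-bearing WebSocket is opened. Outcomes:
//   "connect" - origin previously approved by the user
//   "confirm" - new origin, UI must obtain confirmation first
//   "reject"  - unparseable URL or non-ws/wss scheme
const DEFAULT_GATEWAY = "ws://127.0.0.1:18789"; // constructed default, not the real one

function decideGatewayUrl(queryString, trustedOrigins) {
  const raw = new URLSearchParams(queryString).get("gatewayUrl");
  if (raw === null || raw === "") {
    return { action: "connect", url: DEFAULT_GATEWAY, reason: "default gateway" };
  }
  let url;
  try {
    url = new URL(raw);
  } catch (e) {
    return { action: "reject", url: null, reason: "unparseable gatewayUrl" };
  }
  if (url.protocol !== "ws:" && url.protocol !== "wss:") {
    return { action: "reject", url: null, reason: "unsupported scheme " + url.protocol };
  }
  if (trustedOrigins.includes(url.origin)) {
    return { action: "connect", url: url.href, reason: "previously approved origin" };
  }
  // New origin: never auto-connect. The UI shows the full origin and waits
  // for an explicit decision; the token is not handed to the transport yet.
  return { action: "confirm", url: url.href, reason: "unapproved origin, confirmation required" };
}

// Page-load path with the browser APIs injected (openSocket, confirm) so it
// can run headless. Returns whether a token-bearing connection was opened.
function connectOnLoad(queryString, trustedOrigins, token, { openSocket, confirm }) {
  const decision = decideGatewayUrl(queryString, trustedOrigins);
  if (decision.action === "reject") return { opened: false, decision };
  if (decision.action === "confirm" && !confirm(new URL(decision.url).origin)) {
    return { opened: false, decision };
  }
  openSocket(decision.url, token); // token leaves the page only after this gate
  return { opened: true, decision };
}
```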
Users are advised to upgrade immediately to the patched version. Organizations should audit gateway access logs for suspicious token activity and monitor for unauthorized configuration changes.