Critical Authentication Bypass Flaw in ClawDBot Enables Remote Code Execution A high-severity vulnerability (GHSA-g8p2-7wf7-98mq) in ClawDBot, a widely used npm package, allows attackers to bypass authentication and achieve remote code execution (RCE) via a single malicious link. The flaw affects versions up to v2026.1.28 and stems from inadequate validation of the `gatewayUrl` parameter in the Control UI. ### Exploitation Mechanism The vulnerability exploits automatic WebSocket connections initiated on page load, which transmit stored gateway authentication tokens to the specified endpoint without validation. Attackers can craft a malicious URL or phishing site containing a controlled `gatewayUrl`, tricking users into clicking it. When accessed by an authenticated victim, the token is automatically exfiltrated to the attacker’s server no further interaction is required. Once compromised, the token grants operator-level access to the victim’s gateway API, enabling arbitrary configuration changes, sandbox modifications, and ultimately RCE on the host system. The attack is particularly dangerous because it bypasses network isolation even localhost-only or air-gapped instances remain vulnerable if users interact with external links. ### Impact & Mitigation The vendor has patched the issue in ClawDBot v2026.1.29, introducing mandatory user confirmation for new gateway URLs to prevent automatic token transmission. Organizations are urged to upgrade immediately and audit logs for suspicious activity, including: - Unauthorized WebSocket connections to external infrastructure. - Unexpected gateway configuration changes. Additional defenses include egress filtering and deploying ClawDBot behind proxy servers with URL validation. The flaw highlights the risks of automatic token transmission and insufficient parameter validation in authentication workflows.