← Back to getcrawdad.dev

Security Advisories

Published security advisories for Crawdad and supported frameworks.

CRAWDAD-2026-001 January 2026 Critical
CVE-2026-25253 — OpenClaw Remote Code Execution

Cross-site WebSocket hijacking vulnerability in OpenClaw allowed remote code execution through a malicious link.

Mitigated — Crawdad skill intercepts all inbound messages via semantic firewall.