# One-Click RCE Was Just the Symptom. OpenClaw's Architecture Is the Disease. - Date: 2026-03-22 - Category: Agentics When Mav Levin, a founding researcher at DepthFirst, disclosed CVE-2026-25253 in late January 2026, he had found something uncomfortable: a one-click remote code execution flaw in OpenClaw that required nothing more than sending someone a link. ---