# One-Click RCE Was Just the Symptom. OpenClaw's Architecture Is the Disease.

- slug: one-click-rce-was-just-the-symptom-openclaws-architecture-is-the-disease
- date: 2026-03-22
- category: Agentics

When Mav Levin, a founding researcher at DepthFirst, disclosed CVE-2026-25253 in late January 2026, he had found something uncomfortable: a one-click remote code execution flaw in OpenClaw that required nothing more than sending someone a link.

---