#rce

Information security
from The Hacker News
1 hour ago

Critical n8n Flaw CVE-2026-25049 Enables System Command Execution via Malicious Workflows

A critical n8n vulnerability (CVE-2026-25049) allows authenticated workflow creators to execute arbitrary system commands, risking full server compromise.
from The Register
2 days ago

OpenClaw ecosystem still suffering severe security issues

If an OpenClaw user running a vulnerable version and configuration clicked on that link, an attacker could then trigger a cross-site WebSocket hijacking attack because the polyonymous AI project's server doesn't validate the WebSocket origin header. This means the OpenClaw server will accept requests from any website. A maliciously crafted webpage, in this case, can execute client-side JavaScript code on the victim's browser to retrieve an authentication token, establish a WebSocket connection to the server, and use that token to pass authentication.
Information security
from ComputerWeekly.com
2 months ago

Cyber teams on alert as React2Shell exploitation spreads | Computer Weekly

Maintained by Meta, React is an open source resource designed to enable developers to build user interfaces (UIs) for both native and web applications. The vulnerability in question, assigned CVE-2025-55182 and dubbed React2Shell by the cyber community, is a critically-scored pre-authentication RCE flaw in versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 of React Server Components that exploits a flaw in how they decode payloads sent to React Function Endpoints.