1-Click RCE To Steal Your Moltbot Data and Keys (CVE-2026-25253)
This is really polishing a very stinky turd of a security "decision" in Moltbot -- an attacker simply persuades a user to click on a link which uses client-side Javascript to trigger Moltbot to load a crafted URL, to be granted a fully functional authentication token