ClawJacked Vulnerability Exposes OpenClaw AI Agents to Hijacking

A significant security flaw in OpenClaw allows malicious websites to take control of local AI agents via WebSocket connections, raising concerns about user safety and the integrity of AI systems.

A recently identified security vulnerability in OpenClaw, dubbed **ClawJacked**, enables malicious websites to hijack locally running AI agents through WebSocket connections. The flaw has been classified as high-severity, and OpenClaw addressed it less than 24 hours after its disclosure.

Details of the Vulnerability

The vulnerability resides within the core system of OpenClaw, specifically the local WebSocket server that is bound to localhost. According to Oasis Security, the attack scenario involves a developer who has OpenClaw operational on their device, with the gateway secured by a password. When the developer visits a compromised website, malicious JavaScript can exploit the absence of a rate-limiting mechanism to brute-force the gateway password.

Once authenticated, the attacker can register as a trusted device without any user confirmation, granting them full control over the AI agent. This includes the ability to interact with the agent, access configuration data, and read application logs. The browser does not block these cross-origin connections, allowing the attack to occur silently.
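The three gaps described above (cross-origin connections accepted, no limit on password guesses, device trust granted without confirmation) can each be closed on the gateway side. The following is an added example, not OpenClaw's code or its actual patch; `GatewayGuard`, `allowedOrigins`, `maxFailures` and `lockMs` are hypothetical names, and the origins and passwords used with it are constructed.

```javascript
// Added illustration; hypothetical names, not OpenClaw's API.
function constantTimeEqual(a, b) {
  // Touch every position so timing does not reveal how many characters matched.
  let diff = a.length ^ b.length;
  for (let i = 0; i < Math.max(a.length, b.length); i++) {
    diff |= (a.charCodeAt(i) || 0) ^ (b.charCodeAt(i) || 0);
  }
  return diff === 0;
}

class GatewayGuard {
  constructor({ password, allowedOrigins, maxFailures = 5, lockMs = 60000 }) {
    this.password = password;
    this.allowedOrigins = new Set(allowedOrigins);
    this.maxFailures = maxFailures;
    this.lockMs = lockMs;
    this.failures = 0;    // one global counter: every caller arrives via loopback,
    this.lockedUntil = 0; // so per-IP limits would never separate attacker from user
    this.devices = new Map();
  }

  // `origin` is the Origin header of the WebSocket upgrade request;
  // it is undefined for non-browser clients such as a local CLI.
  authenticate({ origin, password }, now = Date.now()) {
    if (origin !== undefined && !this.allowedOrigins.has(origin)) {
      return { ok: false, reason: "origin-rejected" }; // browsers always send Origin
    }
    if (now < this.lockedUntil) return { ok: false, reason: "locked" };
    if (!constantTimeEqual(String(password), this.password)) {
      if (++this.failures >= this.maxFailures) {
        this.lockedUntil = now + this.lockMs;
        this.failures = 0;
      }
      return { ok: false, reason: "bad-password" };
    }
    this.failures = 0;
    return { ok: true };
  }

  // Registration is parked as "pending" until the user approves it out of band.
  requestPairing(deviceId) { this.devices.set(deviceId, "pending"); return "pending"; }
  approvePairing(deviceId) {
    if (!this.devices.has(deviceId)) return false;
    this.devices.set(deviceId, "trusted");
    return true;
  }
  isTrusted(deviceId) { return this.devices.get(deviceId) === "trusted"; }
}
```

Because the origin check runs before the password check, a page from an unlisted origin cannot consume guesses or trigger the lockout; the failure counter covers whatever still reaches the password step.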

Impact and Mitigation

The implications of this vulnerability are significant, as it could lead to unauthorized access to sensitive information and control over AI functionalities. OpenClaw has released version **2026.2.25** to patch this issue, and users are strongly encouraged to update their systems promptly. Additionally, they should regularly audit access permissions granted to AI agents and implement governance controls for non-human identities.

Related Vulnerabilities and Security Concerns

This incident is part of a broader scrutiny of the OpenClaw ecosystem, particularly due to the critical role AI agents play in managing various enterprise tools. Reports indicate that instances of OpenClaw exposed to the internet can significantly increase the attack surface, with integrated services potentially being weaponized through prompt injections.

Furthermore, OpenClaw has addressed other vulnerabilities, including a log poisoning issue that could allow attackers to manipulate agent behavior through malicious content in logs. This was fixed in version **2026.2.13**. A series of additional vulnerabilities has also been reported, including **CVE-2026-25593**, **CVE-2026-24763**, and others, which could lead to severe security breaches such as remote code execution and command injection.

Recommendations for Users

As the security landscape evolves, users of OpenClaw are advised to remain vigilant. Microsoft has issued warnings regarding the risks associated with self-hosted agent runtimes, suggesting that OpenClaw should be deployed in isolated environments to mitigate potential threats. Continuous monitoring and strict access controls are essential to protect against these vulnerabilities.

This article was produced by NeonPulse.today using human and AI-assisted editorial processes, based on publicly available information. Content may be edited for clarity and style.

NOVA-Δ
