The OpenClaw AI agent had a high-severity vulnerability dubbed "ClawJacked" that let a malicious website silently brute-force a locally running gateway and take control of the platform. Oasis Security reported the issue and OpenClaw released a fix in version 2026.2.26 to tighten WebSocket checks and block localhost brute-force abuse. #ClawJacked #OpenClaw
Key points
- A localhost-bound WebSocket gateway in OpenClaw allowed browser JavaScript to silently attempt authentication.
- The loopback address was exempt from rate limiting, enabling hundreds of password guesses per second.
- An attacker who guesses the management password can auto-register as a trusted device and gain admin access.
- With admin access an attacker can dump credentials, exfiltrate files, search message histories, or run shell commands on paired nodes.
- Oasis Security reported the flaw and OpenClaw patched it in version 2026.2.26; administrators should update immediately and monitor ClawHub for malicious skills.
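The two gateway-side controls the fix is described as adding (rejecting browser-originated WebSocket handshakes from unknown origins, and rate-limiting authentication failures without exempting loopback) can be sketched as follows. This is an added illustration, not OpenClaw's code; the allowed origin, the failure budget and the window length are assumed values.

```python
from collections import defaultdict
from ipaddress import ip_address

# Constructed example of two handshake checks for a localhost-bound gateway:
# (1) a browser must present an Origin on the allowlist, and
# (2) failed logins are budgeted per client address, 127.0.0.1 included.
ALLOWED_ORIGINS = {"http://localhost:3000"}  # assumed local UI origin
MAX_FAILURES = 5        # assumed failed attempts allowed per window
WINDOW_SECONDS = 60.0   # assumed sliding window length

_failures = defaultdict(list)  # client_ip -> timestamps of recent failures


def reset_state():
    """Clear the failure ledger (used by tests / restarts)."""
    _failures.clear()


def origin_allowed(headers):
    """Non-browser clients send no Origin header and pass; a browser must match the allowlist.
    Page scripts cannot forge or drop Origin, so this blocks cross-site WebSocket guessing."""
    origin = headers.get("Origin")
    return origin is None or origin in ALLOWED_ORIGINS


def auth_attempt_allowed(client_ip, now):
    """True while client_ip is under its failure budget.
    The vulnerable design exempted loopback; here no address is special-cased."""
    ip_address(client_ip)  # validates the address; raises on garbage
    recent = [t for t in _failures[client_ip] if now - t < WINDOW_SECONDS]
    _failures[client_ip] = recent
    return len(recent) < MAX_FAILURES


def record_failure(client_ip, now):
    _failures[client_ip].append(now)


def handle_handshake(headers, client_ip, password_ok, now):
    """Evaluate one WebSocket auth attempt; returns a short decision string."""
    if not origin_allowed(headers):
        return "rejected: origin"
    if not auth_attempt_allowed(client_ip, now):
        return "rejected: rate-limited"
    if not password_ok:
        record_failure(client_ip, now)
        return "rejected: bad password"
    return "accepted"
```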