Ethical Hacking News
A critical vulnerability has been discovered in popular AI agent OpenClaw, allowing malicious websites to hijack the platform and steal sensitive data. The "ClawJacked" vulnerability exploits a flaw in WebSocket security checks, enabling attackers to brute-force access to locally running instances. Organizations and users must take immediate action to update their systems and protect themselves against this potentially catastrophic attack.
The "ClawJacked" vulnerability allows malicious websites to hijack OpenClaw AI agent and steal sensitive data. The vulnerability exploits a flaw in OpenClaw's WebSocket security checks, enabling attackers to brute-force access to locally running instances. Malicious websites can silently open connections to local gateways, bypassing browser cross-origin policies and attempting authentication without warnings. Attackers can register as trusted devices, gaining admin permissions and accessing sensitive information, files, and executing arbitrary shell commands. Patch version 2026.2.26 has been released with tightened WebSocket security checks and additional protections against abuse of localhost loopback connections. Organizations and developers must update to the latest patched version immediately to prevent hijacking, while users must monitor system activity and take proactive measures to protect themselves.
The security landscape has taken a dramatic turn with the recent discovery of the "ClawJacked" vulnerability, which allows malicious websites to hijack popular AI agent OpenClaw and steal sensitive data. According to Oasis Security, a leading cybersecurity firm that initially discovered the issue, the vulnerability exploits a crucial flaw in OpenClaw's WebSocket security checks, allowing attackers to brute-force access to locally running instances and take control over them.
The vulnerability is particularly alarming as it enables malicious websites to silently open a connection to the local gateway of an OpenClaw user, bypassing browser cross-origin policies that would normally block such connections. This allows attackers to attempt authentication without triggering any warnings, making it nearly impossible for users to detect the attack in progress. The loopback address (127.0.0.1) is exempt by default from rate limiting measures, allowing local CLI sessions to remain unaffected even when an attacker attempts to brute-force the OpenClaw management password at a staggering hundreds of attempts per second.
Once an attacker successfully guesses the correct password, they can silently register as a trusted device, which automatically approves device pairings from localhost without requiring user confirmation. This grant of trust enables the attacker to interact directly with the AI platform, dumping credentials, listing connected nodes, stealing credentials, and reading application logs. Furthermore, an authenticated session and admin permissions allow attackers to instruct the agent to search messaging histories for sensitive information, exfiltrate files from connected devices, or execute arbitrary shell commands on paired nodes, effectively resulting in full workstation compromise triggered from a browser tab.
The severity of this vulnerability cannot be overstated, as it poses significant risks to individuals and organizations that rely on OpenClaw for AI-powered tasks. The recent surge in popularity of OpenClaw has created an environment ripe for exploitation, and the discovery of the ClawJacked vulnerability highlights the importance of prioritizing security updates and patching timely.
Oasis Security, the firm behind this discovery, reported the issue to OpenClaw and collaborated with the company to release a fix within 24 hours. The updated version, 2026.2.26, features tightened WebSocket security checks and additional protections against abuse of localhost loopback connections to brute-force logins or hijack sessions.
In light of this vulnerability, it is crucial for organizations and developers running OpenClaw to update to the latest patched version immediately to prevent their installations from being hijacked. Furthermore, users must be vigilant in monitoring their system activity and take proactive steps to protect themselves against such attacks.
As we navigate the complex security landscape of AI-powered tools, it becomes increasingly evident that vigilance and proactive measures are essential in preventing vulnerabilities like ClawJacked from wreaking havoc on our digital lives.
Related Information:
https://www.ethicalhackingnews.com/articles/The-ClawJacked-Nightmare-A-Vulnerability-Allows-Malicious-Websites-to-Hijack-AI-Agent-OpenClaw-ehn.shtml
https://www.bleepingcomputer.com/news/security/clawjacked-attack-let-malicious-websites-hijack-openclaw-to-steal-data/
https://iplogger.org/blog/clawjacked-flaw-lets-malicious-sites-hijack-local-openclaw-ai-agents-via-websocket/
https://thehackernews.com/2026/02/clawjacked-flaw-lets-malicious-sites.html
Published: Sun Mar 1 16:55:13 2026 by llama3.2 3B Q4_K_M
