Perceptive Security
SOC/SIEM Consultancy

ClawJacked attack let malicious websites hijack OpenClaw to steal data
Published:
1 March 2026 at 21:44:55
Alert date:
1 March 2026 at 22:01:01
Source:
bleepingcomputer.com
Enterprise Applications, Web Technologies, Zero-Day Vulnerabilities
Security researchers disclosed a high-severity vulnerability dubbed 'ClawJacked' in the popular AI agent OpenClaw. The vulnerability allows malicious websites to silently brute-force access to locally running OpenClaw instances and take control of them. This represents a significant security risk for users running OpenClaw locally, as attackers can hijack the AI agent to steal data through malicious web pages. The attack demonstrates how AI agents can be compromised through web-based attack vectors.
Technical details
The ClawJacked vulnerability exploits OpenClaw's WebSocket interface that binds to localhost by default. Malicious websites can use JavaScript to silently connect to the local gateway (127.0.0.1) without triggering cross-origin policy warnings. The loopback address is exempt from rate limiting by default, allowing attackers to brute-force passwords at hundreds of attempts per second without throttling or logging. Once authenticated, the gateway automatically approves device pairings from localhost without user confirmation, granting full admin access to dump credentials, steal data, read logs, and execute arbitrary shell commands on paired nodes.
Mitigation steps:
Update OpenClaw to version 2026.2.26 or later immediately. The fix includes tightened WebSocket security checks and additional protections to prevent localhost loopback connection abuse for brute-force attacks and session hijacking.
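The technical details above describe three weaknesses that compound: a browser page may open a WebSocket to the loopback gateway, loopback is exempt from rate limiting and logging, and pairing from loopback is auto-approved. The following is an added, illustrative example of the defensive checks a localhost-bound gateway can apply against each of them; it is not OpenClaw's code and not the fix shipped in 2026.2.26. The function and class names (evaluateUpgrade, AuthRateLimiter, PairingGate) and the sample handshakes are assumptions constructed for the demonstration.

```javascript
// Added example, not OpenClaw's own code. Names below are hypothetical.

const LOOPBACK = new Set(["127.0.0.1", "::1", "::ffff:127.0.0.1"]);

// Sliding-window rate limiter keyed by peer address. Loopback is NOT exempt:
// the advisory's brute force relied on exactly that exemption.
class AuthRateLimiter {
  constructor({ maxAttempts = 5, windowMs = 60000 } = {}) {
    this.maxAttempts = maxAttempts;
    this.windowMs = windowMs;
    this.attempts = new Map(); // address -> timestamps of recent attempts
  }
  // Record an attempt; return false once the window holds more than maxAttempts.
  allow(key, now = Date.now()) {
    const recent = (this.attempts.get(key) || []).filter((t) => now - t < this.windowMs);
    recent.push(now);
    this.attempts.set(key, recent);
    return recent.length <= this.maxAttempts;
  }
}

// Handshake policy. Browsers always attach an Origin header to a WebSocket
// upgrade; a native local client normally sends none. Any Origin that is not
// explicitly allow-listed is treated as a cross-site page talking to the
// loopback gateway and rejected before authentication is even attempted.
function evaluateUpgrade({ headers, remoteAddress }, { allowedOrigins = [] } = {}) {
  const origin = headers.origin;
  if (origin !== undefined && !allowedOrigins.includes(origin)) {
    return { allow: false, reason: "untrusted browser origin" };
  }
  if (!LOOPBACK.has(remoteAddress)) {
    return { allow: false, reason: "non-loopback peer" };
  }
  return { allow: true, reason: "ok" };
}

// Constant-time string comparison so response timing does not leak how many
// leading characters of the password were right.
function constantTimeEqual(a, b) {
  let diff = a.length ^ b.length;
  for (let i = 0; i < Math.max(a.length, b.length); i++) {
    diff |= (a.charCodeAt(i) || 0) ^ (b.charCodeAt(i) || 0);
  }
  return diff === 0;
}

// Authentication: throttled per address (loopback included) and every failure
// is logged, so a burst of attempts is both slowed down and visible.
function authenticate({ remoteAddress, password }, expected, limiter, log, now = Date.now()) {
  if (!limiter.allow(remoteAddress, now)) {
    log.push(`auth throttled from ${remoteAddress}`);
    return { ok: false, reason: "rate limited" };
  }
  if (!constantTimeEqual(password, expected)) {
    log.push(`auth failure from ${remoteAddress}`);
    return { ok: false, reason: "bad password" };
  }
  return { ok: true, reason: "ok" };
}

// Device pairing requires an explicit user decision even from loopback; an
// authenticated socket alone never yields a paired device.
class PairingGate {
  constructor() { this.pending = new Map(); this.paired = new Set(); this.nextId = 1; }
  request(deviceName) {
    const id = this.nextId++;
    this.pending.set(id, deviceName);
    return { id, status: "awaiting user confirmation" };
  }
  decide(id, userApproved) {
    const name = this.pending.get(id);
    if (name === undefined) return { status: "unknown request" };
    this.pending.delete(id);
    if (!userApproved) return { status: "rejected" };
    this.paired.add(name);
    return { status: "paired" };
  }
  isPaired(deviceName) { return this.paired.has(deviceName); }
}

// Stand-alone walkthrough over constructed inputs; returns the outcomes.
function demo() {
  const limiter = new AuthRateLimiter({ maxAttempts: 3, windowMs: 60000 });
  const log = [];
  const t0 = 1000000; // constructed clock so the window is deterministic
  // Constructed upgrade from a web page in the user's browser (has an Origin).
  const fromPage = evaluateUpgrade({ headers: { origin: "https://untrusted.example" }, remoteAddress: "127.0.0.1" });
  // Constructed upgrade from a native local client (no Origin header).
  const fromClient = evaluateUpgrade({ headers: {}, remoteAddress: "127.0.0.1" });
  const results = [];
  for (let i = 0; i < 5; i++) {
    results.push(authenticate({ remoteAddress: "127.0.0.1", password: "guess" + i },
      "correct horse", limiter, log, t0 + i * 10).reason);
  }
  const gate = new PairingGate();
  const req = gate.request("laptop-node");
  const pairedBeforeConfirm = gate.isPaired("laptop-node");
  const afterConfirm = gate.decide(req.id, true).status;
  return { fromPage, fromClient, results, logLength: log.length, pairedBeforeConfirm, afterConfirm };
}

console.log(JSON.stringify(demo(), null, 2));
```

Running the block shows the page-originated handshake refused at the upgrade step, the native client admitted, the fourth and fifth password attempts from 127.0.0.1 throttled with every attempt logged, and the node unpaired until the user confirms. A legitimate local web UI served by the gateway itself would have to be added to allowedOrigins; that is the one case the Origin check must accommodate.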
Affected products:
OpenClaw (versions prior to 2026.2.26)
Related links:
https://www.oasis.security/blog/openclaw-vulnerability
https://www.bleepingcomputer.com/news/security/malicious-moltbot-skills-used-to-push-password-stealing-malware/
Related CVEs:
Related threat actors:
IOCs:
This article was created with the assistance of AI technology by Perceptive.
