{"id":46655,"date":"2026-03-02T11:51:25","date_gmt":"2026-03-02T11:51:25","guid":{"rendered":"https:\/\/agooka.com\/news\/technologies\/clawjacked-flaw-lets-malicious-sites-hijack-openclaw-steal-data\/"},"modified":"2026-03-02T11:51:25","modified_gmt":"2026-03-02T11:51:25","slug":"clawjacked-flaw-lets-malicious-sites-hijack-openclaw-steal-data","status":"publish","type":"post","link":"https:\/\/agooka.com\/news\/technologies\/clawjacked-flaw-lets-malicious-sites-hijack-openclaw-steal-data\/","title":{"rendered":"ClawJacked flaw lets malicious sites hijack OpenClaw, steal data"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/dataconomy.com\/wp-content\/uploads\/2026\/03\/UH-Manoa-students-develop-algorithm-to-trace-neutrino-origins.jpg\" alt=\"ClawJacked flaw lets malicious sites hijack OpenClaw, steal data\" title=\"ClawJacked flaw lets malicious sites hijack OpenClaw, steal data\"\/><\/p>\n<p>A vulnerability named ClawJacked lets malicious websites hijack the OpenClaw AI platform.<\/p>\n<p>The flaw enables attackers to brute\u2011force the local gateway password from a browser, gain admin control, and exfiltrate data, raising severe risk for enterprises using OpenClaw.<\/p>\n<p>Oasis Security discovered the issue and reported it to OpenClaw. OpenClaw released a patch in version 2026.2.26 on February 26.<\/p>\n<p>The OpenClaw gateway binds to localhost and exposes a WebSocket interface. Browser cross\u2011origin policies do not block WebSocket connections to localhost, allowing a visited site to open a connection silently.<\/p>\n<p>OpenClaw exempts the loopback address from rate limiting. The gateway accepts unlimited authentication attempts from local JavaScript.<\/p>\n<p>The gateway does not log failed authentication attempts from localhost. This omission prevents operators from detecting brute\u2011force activity. 
\u201cIn our lab testing, we achieved a sustained rate of hundreds of password guesses per second from browser JavaScript alone,\u201d said Oasis.<\/p>\n<p>\u201cAt that speed, a list of common passwords is exhausted in under a second, and a large dictionary would take only minutes. A human\u2011chosen password doesn\u2019t stand a chance,\u201d said Oasis.<\/p>\n<p>After a successful login, the attacker can register as a trusted device without user confirmation, because the gateway automatically approves device pairings from the loopback address. The attacker can then dump credentials, list connected nodes, read logs, and execute shell commands on paired devices. Such actions can expose messaging histories, steal files, and compromise workstations from a single browser tab.<\/p>\n<p>Oasis published a proof\u2011of\u2011concept video that shows data theft via the OpenClaw vulnerability. The patch tightens the gateway\u2019s WebSocket security checks and applies rate limiting to localhost connections as well, so that loopback connections can no longer be abused to brute\u2011force logins or hijack sessions.<\/p>\n<p>OpenClaw recommends that users update to version 2026.2.26 or later immediately.<\/p>\n<p>OpenClaw addressed the flaw within 24 hours of disclosure. The rapid response limited exposure for affected installations. Organizations running OpenClaw should apply the update without delay to prevent hijacking. Oasis Security classified the vulnerability as high severity; the rating reflects the potential for full system compromise.<\/p>\n<p>OpenClaw\u2019s popularity stems from its self\u2011hosted design and support for multi\u2011platform task automation. The platform\u2019s flexibility has driven rapid adoption among developers and enterprises. 
OpenClaw is a self\u2011hosted AI platform that allows agents to send messages, execute commands, and manage tasks across multiple services.<\/p>\n<p><a href=\"https:\/\/www.oasis.security\/blog\/openclaw-vulnerability\" rel=\"noreferrer\" target=\"_blank\"><strong>Featured image credit<\/strong><\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>A vulnerability named ClawJacked lets malicious websites hijack the OpenClaw AI platform. The flaw enables attackers to brute\u2011force the local gateway password from a browser, gain admin control, and exfiltrate data, raising severe risk for enterprises using OpenClaw. Oasis Security discovered the issue and reported it to OpenClaw. OpenClaw released a patch in version 2026.2.26 [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":46656,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[37],"tags":[],"class_list":{"0":"post-46655","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-technologies"},"_links":{"self":[{"href":"https:\/\/agooka.com\/news\/wp-json\/wp\/v2\/posts\/46655","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/agooka.com\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/agooka.com\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/agooka.com\/news\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/agooka.com\/news\/wp-json\/wp\/v2\/comments?post=46655"}],"version-history":[{"count":0,"href":"https:\/\/agooka.com\/news\/wp-json\/wp\/v2\/posts\/46655\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/agooka.com\/news\/wp-json\/wp\/v2\/media\/46656"}],"wp:attachment":[{"href":"https:\/\/agooka.com\/news\/wp-json\/wp\/v2\/media?parent=46655"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/agooka.com\/news\/wp-json\
/wp\/v2\/categories?post=46655"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/agooka.com\/news\/wp-json\/wp\/v2\/tags?post=46655"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
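The four gateway-side weaknesses the article lists (the WebSocket handshake accepts any Origin, loopback is exempt from rate limiting, failed loopback logins are not logged, and pairings from loopback are auto-approved) beside the policy a patched gateway needs, as an added example in JavaScript. This is not OpenClaw's or Oasis Security's code: the `GatewayAuth` class, the password, the wordlist, the attacker origin and the allowed origins are all constructed for illustration, and the real OpenClaw protocol is not reproduced. The one browser fact the model relies on is that the same-origin policy does not stop a page from opening a WebSocket to 127.0.0.1; the browser only sends an Origin header, and what happens next is entirely up to the server. The article's "hundreds of guesses per second" is not modelled; the example counts attempts, not time.

```javascript
"use strict";
// Added example, not OpenClaw's or Oasis Security's code. It models the four
// gateway-side weaknesses the article describes and the corresponding fixes in a
// hypothetical GatewayAuth class; the real OpenClaw protocol is not reproduced.

const LOOPBACK = new Set(["127.0.0.1", "::1"]);

// Constructed sample data: a human-chosen gateway password and a small wordlist.
const GATEWAY_PASSWORD = "summer2024";
const WORDLIST = ["password", "123456", "admin", "letmein", "welcome", "qwerty", "summer2024"];

class GatewayAuth {
  constructor(policy) {
    this.exemptLoopback = policy.exemptLoopback;            // loopback skips rate limiting
    this.logLoopbackFailures = policy.logLoopbackFailures;  // are failed loopback logins logged?
    this.allowedOrigins = policy.allowedOrigins;            // null = Origin header not checked
    this.autoApproveLoopbackPairing = policy.autoApproveLoopbackPairing;
    this.maxFailures = policy.maxFailures ?? 5;
    this.failures = new Map();   // peer address -> consecutive failed attempts
    this.log = [];               // what an operator would get to see
  }

  // WebSocket handshake. The browser always sends an Origin header, and the
  // same-origin policy does not block the handshake itself, so a gateway that
  // ignores Origin lets any visited site connect to 127.0.0.1 silently.
  acceptHandshake(peer, origin) {
    if (this.allowedOrigins !== null && !this.allowedOrigins.has(origin)) {
      this.log.push(`handshake rejected peer=${peer} origin=${origin}`);
      return false;
    }
    return true;
  }

  // Password check with a per-peer failure counter.
  authenticate(peer, password) {
    const isLoopback = LOOPBACK.has(peer);
    const rateLimited = !(isLoopback && this.exemptLoopback);
    const count = this.failures.get(peer) ?? 0;
    if (rateLimited && count >= this.maxFailures) {
      this.log.push(`auth throttled peer=${peer}`);
      return { ok: false, throttled: true };
    }
    if (password === GATEWAY_PASSWORD) {
      this.failures.set(peer, 0);
      return { ok: true, throttled: false };
    }
    this.failures.set(peer, count + 1);
    if (!isLoopback || this.logLoopbackFailures) this.log.push(`auth failed peer=${peer}`);
    return { ok: false, throttled: false };
  }

  // Device pairing: the weak policy trusts loopback without asking the user.
  pairDevice(peer, userConfirmed) {
    if (LOOPBACK.has(peer) && this.autoApproveLoopbackPairing) return true;
    return userConfirmed;
  }
}

// The attacker's page runs inside the victim's browser, so the gateway sees the
// connection arrive from loopback while the Origin header names the attacker's site.
function bruteForce(gateway, wordlist, origin) {
  const peer = "127.0.0.1";
  if (!gateway.acceptHandshake(peer, origin)) {
    return { reason: "origin-rejected", attempts: 0, cracked: null, paired: false };
  }
  let attempts = 0;
  for (const guess of wordlist) {
    attempts += 1;
    const r = gateway.authenticate(peer, guess);
    if (r.throttled) return { reason: "throttled", attempts, cracked: null, paired: false };
    if (r.ok) {
      const paired = gateway.pairDevice(peer, false);   // the user never clicked "approve"
      return { reason: "success", attempts, cracked: guess, paired };
    }
  }
  return { reason: "exhausted", attempts, cracked: null, paired: false };
}

// Weak policy, as the article describes the unpatched gateway.
function vulnerableGateway() {
  return new GatewayAuth({ exemptLoopback: true, logLoopbackFailures: false,
                           allowedOrigins: null, autoApproveLoopbackPairing: true });
}

// Hardened policy: Origin allowlist (values are hypothetical), loopback rate-limited
// like any other peer, failures logged, pairing needs an explicit user confirmation.
function hardenedGateway() {
  return new GatewayAuth({ exemptLoopback: false, logLoopbackFailures: true,
                           allowedOrigins: new Set(["http://localhost", "http://127.0.0.1"]),
                           autoApproveLoopbackPairing: false, maxFailures: 5 });
}

const ATTACKER_ORIGIN = "https://attacker.example";   // hypothetical malicious site
for (const [name, gw] of [["vulnerable", vulnerableGateway()], ["hardened", hardenedGateway()]]) {
  console.log(name, JSON.stringify(bruteForce(gw, WORDLIST, ATTACKER_ORIGIN)), "log entries:", gw.log.length);
}
```

Run with `node`. Against the weak policy the constructed wordlist recovers the password on the seventh attempt, the attacker's tab is paired as a trusted device without any prompt, and the operator log stays empty. Against the hardened policy the attacker's page is rejected at the handshake; and if the Origin check were ever bypassed, the per-peer counter throttles the loopback peer after five failures and each failure is logged, which is the defence in depth a patched gateway should keep.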