ClawJacked Vulnerability Enables Browser-Based Hijacking of AI Agents

ClawJacked flaw let attackers hijack AI agents through the browser

A critical vulnerability, labeled ‘ClawJacked,’ has been identified in OpenClaw, an open-source AI agent framework. Discovered by Oasis Security, the flaw enables attackers to hijack local AI instances through malicious websites, gaining complete control without user interaction. The vulnerability exploits OpenClaw’s local WebSocket gateway, which incorrectly trusts localhost traffic; because the gateway has no rate limiting, attackers can brute-force passwords at high speed. A successful attack grants admin-level access to sensitive data, connected devices, and configuration logs. In response to this high-severity threat, OpenClaw released a patch (version 2026.2.26) within 24 hours of the disclosure. Security experts warn organizations to update their systems immediately, audit AI permissions, and enforce strict governance policies so that AI agents are treated with the same vigilance as human users.
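
The two gaps described above (implicit trust of localhost connections and no rate limiting on password attempts) can both be closed at the gateway's authentication step. The following is an added example, not OpenClaw's code or its 2026.2.26 patch; `GatewayGuard`, the allowed origin, and the thresholds are hypothetical.

```javascript
// Added example: hypothetical gateway guard, not OpenClaw's code or its patch.
// ALLOWED_ORIGINS, MAX_FAILURES and LOCKOUT_MS are assumed values.
const ALLOWED_ORIGINS = new Set(['http://127.0.0.1:8080']); // constructed
const MAX_FAILURES = 5;
const LOCKOUT_MS = 60_000;

class GatewayGuard {
  constructor(checkPassword, now = () => Date.now()) {
    this.checkPassword = checkPassword; // (password) => boolean
    this.now = now;                     // injectable clock for testing
    this.failures = new Map();          // key -> { count, lockedUntil }
  }

  // A browser sends an Origin header on every WebSocket handshake, so a page
  // from another site is recognisable even when the TCP peer is 127.0.0.1.
  originAllowed(headers) {
    const origin = headers['origin'];
    if (origin === undefined) return true; // non-browser local client
    return ALLOWED_ORIGINS.has(origin);
  }

  // Returns { ok, reason }. Loopback peers get no exemption from the limiter.
  authenticate(headers, remoteAddr, password) {
    if (!this.originAllowed(headers)) return { ok: false, reason: 'origin' };
    const key = `${remoteAddr}|${headers['origin'] ?? 'no-origin'}`;
    const entry = this.failures.get(key) ?? { count: 0, lockedUntil: 0 };
    if (this.now() < entry.lockedUntil) return { ok: false, reason: 'locked' };
    if (this.checkPassword(password)) {
      this.failures.delete(key);
      return { ok: true, reason: 'authenticated' };
    }
    entry.count += 1;
    if (entry.count >= MAX_FAILURES) {
      // Lock the key; even a correct password is refused until expiry.
      entry.lockedUntil = this.now() + LOCKOUT_MS;
      entry.count = 0;
    }
    this.failures.set(key, entry);
    return { ok: false, reason: 'bad-password' };
  }
}
```

With these checks a cross-origin page is rejected before any password is evaluated, and repeated wrong guesses from a loopback client trigger the same lockout as any other peer.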
