UrsaClimb Logo

ClawJacked attack let malicious websites hijack OpenClaw to steal data

Bleeping Computer
by Lawrence Abrams
March 1, 2026
AI-Generated Deep Dive Summary
Security researchers have uncovered a critical vulnerability in the popular OpenClaw AI agent platform, dubbed "ClawJacked," which enables malicious websites to hijack locally running instances and gain unauthorized access. The issue was discovered by Oasis Security, who reported it to OpenClaw, leading to a prompt fix in version 2026.2.26 released on February 26. OpenClaw is widely used for enabling AI agents to manage tasks and communicate across platforms. The vulnerability stems from the OpenClaw gateway service binding to localhost by default and exposing a WebSocket interface. Unlike standard web connections, WebSocket allows JavaScript in malicious websites to silently connect to localhost without triggering browser warnings. While OpenClaw includes rate limiting to block brute-force attacks, loopback addresses like 127.0.0.1 are exempt, allowing attackers to bypass these defenses. Researchers demonstrated that hundreds of password attempts per second could be made undetected, leading to potential compromise within seconds or minutes. Once authenticated, attackers can gain admin-level access, enabling them to steal credentials, execute shell commands, and exfiltrate sensitive data. This level of control puts the entire system at risk, as OpenClaw's AI capabilities could be exploited for malicious activities such as searching messaging histories or accessing connected devices. The fix strengthens WebSocket security and adds protections against brute-force attacks on localhost connections. With OpenClaw's growing popularity, this vulnerability highlights the critical need for users to update to the latest version immediately. Security experts warn that threat actors are increasingly targeting AI platforms like OpenClaw, using techniques such as abusing third-party repositories or deploying infostealing malware. This underscores the importance of vigilance and proactive security measures in managing AI tools. The ClawJacked exploit exemplifies how even well-established platforms can be exposed to severe risks through overlooked vulnerabilities. As cyber threats evolve, staying informed about such issues and prioritizing software updates are essential steps for maintaining digital security.
Verticals
securitytech
Originally published on Bleeping Computer on 3/1/2026