{"data":{"id":"3c6304d7-3405-43ad-a8f5-7896fcec1d53","title":"ClawJacked Flaw Lets Malicious Sites Hijack Local OpenClaw AI Agents via WebSocket","summary":"OpenClaw fixed a high-severity vulnerability called ClawJacked that let malicious websites hijack local AI agents by exploiting missing rate limiting on the gateway's WebSocket server (WebSocket is a protocol for two-way communication between browsers and servers). An attacker could trick a developer into visiting a malicious site, then use JavaScript to brute-force the gateway password, auto-register as a trusted device, and gain complete control over the AI agent to steal data and execute commands.","solution":"OpenClaw released version 2026.2.25 on February 26, 2026, which fixed the vulnerability. Users are advised to \"apply the latest updates as soon as possible, periodically audit access granted to AI agents, and enforce appropriate governance controls for non-human (aka agentic) identities.\"","labels":["security"],"sourceUrl":"https://thehackernews.com/2026/02/clawjacked-flaw-lets-malicious-sites.html","publishedAt":"2026-02-28T17:21:00.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["prompt_injection","jailbreak"],"issueType":"news","affectedPackages":null,"affectedVendors":["OpenAI"],"affectedVendorsRaw":["OpenClaw","Oasis Security","Bitsight","NeuralTrust","Eye Security"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity","availability"],"aiComponentTargeted":"agent","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}