AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

Your personal OpenClaw agent may also be taking orders from malicious websites

highnews

security

Source: CSO OnlineFebruary 27, 2026

Summary

Researchers discovered a flaw chain called ClawJacked (CVE-2026-25253) that allowed malicious websites to take control of locally running OpenClaw agents (AI tools that automate tasks on your computer). The attack exploited a design flaw where the OpenClaw gateway trusted anything from localhost (your own computer) and allowed WebSocket connections (direct communication channels) from external websites, letting attackers brute-force passwords without rate limits and gain full access to the agent's capabilities, credentials, and data.

Solution / Mitigation

OpenClaw promptly fixed the vulnerability after Oasis Security reported it and provided proof-of-concept code. No additional details about the specific fix are provided in the source text.

Classification

Attack SophisticationModerate

Impact (CIA+S)

confidentialityintegrityavailability

Affected Vendors

Original source: https://www.csoonline.com/article/4138431/your-personal-openclaw-agent-may-also-be-taking-orders-from-malicious-websites.html

First tracked: February 27, 2026 at 07:00 AM

Classified by LLM (prompt v3) · confidence: 85%