ClawJacked attack let malicious websites hijack OpenClaw to steal data
Summary
A vulnerability dubbed ClawJacked in OpenClaw (a self-hosted AI platform that runs AI agents locally) allowed a malicious website to silently take control of a running instance and steal its data by brute-forcing the gateway password from inside the victim's browser. The attack exploited two properties of OpenClaw's gateway service: it listens on localhost (127.0.0.1, an address reachable only from the same machine) over a WebSocket interface (a two-way communication protocol that browsers can open), and connections arriving from localhost were exempt from rate limiting. Because a script on a web page the victim visits runs on that same machine, its connection to the gateway counted as local, so the attacker could guess passwords hundreds of times per second without triggering any protection.
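To make the two weaknesses concrete, the following added example (not OpenClaw's code; the gateway API, the allowed-origin list and the port are hypothetical) models a WebSocket login gate in Python. It shows the weak configuration, which skips rate limiting for loopback peers and never checks the browser's Origin header, next to the hardened one, which applies the same attempt budget to 127.0.0.1 as to any other address and rejects origins the gateway did not serve.

```python
from collections import defaultdict, deque

# Constructed for this example: the page origins allowed to open a WebSocket to
# the local gateway. Port 18789 is hypothetical, not OpenClaw's real port.
ALLOWED_ORIGINS = {"http://localhost:18789", "http://127.0.0.1:18789"}
LOOPBACK = ("127.0.0.1", "::1")


class LoginGate:
    """Decides whether one WebSocket login attempt may proceed."""

    def __init__(self, max_attempts=5, window_s=60.0,
                 exempt_loopback=False, check_origin=True):
        self.max_attempts = max_attempts
        self.window_s = window_s
        self.exempt_loopback = exempt_loopback  # True reproduces the weak setting
        self.check_origin = check_origin        # False reproduces the weak setting
        self.attempts = defaultdict(deque)      # peer ip -> attempt timestamps

    def allow(self, peer_ip, origin, now):
        # Browsers always send Origin on a WebSocket handshake; a page from a
        # site the gateway did not serve is rejected before any password check.
        if self.check_origin and origin is not None and origin not in ALLOWED_ORIGINS:
            return False
        # The weak gate trusts loopback entirely, but a browser tab on the same
        # machine also connects from 127.0.0.1, so that trust is misplaced.
        if self.exempt_loopback and peer_ip in LOOPBACK:
            return True
        q = self.attempts[peer_ip]
        while q and now - q[0] > self.window_s:   # drop attempts outside the window
            q.popleft()
        if len(q) >= self.max_attempts:
            return False
        q.append(now)
        return True


def count_allowed(gate, peer_ip, origin, n, interval_s=0.005):
    """Simulate n login attempts from one peer; return how many pass the gate."""
    return sum(gate.allow(peer_ip, origin, i * interval_s) for i in range(n))
```

With the weak settings every one of 500 attempts spaced 5 ms apart gets through; with the hardened settings only the first 5 do, and a cross-site origin gets none.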
Solution / Mitigation
Update to OpenClaw version 2026.2.26 or later immediately. According to the source, the fix "tightens WebSocket security checks and adds additional protections to prevent attackers from abusing localhost loopback connections to brute-force logins or hijack sessions, even if those connections are configured to be exempt from rate limiting."
Classification
Affected Vendors
Related Issues
Original source: https://www.bleepingcomputer.com/news/security/clawjacked-attack-let-malicious-websites-hijack-openclaw-to-steal-data/
First tracked: March 1, 2026 at 07:00 PM
Classified by LLM (prompt v3) · confidence: 85%