ClawJacked Flaw Lets Malicious Sites Hijack Local OpenClaw AI Agents via WebSocket
Summary
OpenClaw fixed a high-severity vulnerability called ClawJacked that let malicious websites hijack local AI agents by exploiting a missing rate-limiting mechanism on the gateway's WebSocket server (a protocol for two-way communication between browsers and servers). An attacker could trick a developer into visiting a malicious site, then use JavaScript to brute-force the gateway password, auto-register as a trusted device, and gain complete control over the AI agent to steal data and execute commands.
Solution / Mitigation
OpenClaw released version 2026.2.25 on February 26, 2026, which fixed the vulnerability. Users are advised to "apply the latest updates as soon as possible, periodically audit access granted to AI agents, and enforce appropriate governance controls for non-human (aka agentic) identities."
Classification
Affected Vendors
Related Issues
Original source: https://thehackernews.com/2026/02/clawjacked-flaw-lets-malicious-sites.html
First tracked: February 28, 2026 at 03:00 PM
Classified by LLM (prompt v3) · confidence: 85%