OpenClaw Vulnerability Allowed Websites to Hijack AI Agents
Summary
A vulnerability in OpenClaw allowed malicious websites to connect to the OpenClaw gateway (a system that manages AI agents) on localhost (the computer's own loopback network address), guess passwords through brute-force attacks (rapidly trying many password combinations), and take control of AI agents. This exposed AI agents to hijacking by untrusted websites.
Related Issues
CVE-2022-21727: Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulne
CVE-2026-22252: LibreChat is a ChatGPT clone with additional features. Prior to v0.8.2-rc2, LibreChat's MCP stdio transport accepts arbi
Original source: https://www.securityweek.com/openclaw-vulnerability-allowed-malicious-websites-to-hijack-ai-agents/
First tracked: March 2, 2026 at 11:00 AM
Classified by LLM (prompt v3) · confidence: 75%