ClawJacked Flaw in OpenClaw Enables Local AI Agent Hijacking via WebSocket
Summary
A high-severity vulnerability in OpenClaw, codenamed ClawJacked, allows malicious websites to hijack locally running AI agents through WebSocket connections. The attack relies on missing rate-limiting on gateway authentication and on the auto-approval of trusted devices, which together let an attacker take control of the AI agent. OpenClaw has released a fix in version 2026.2.25, urging users to update immediately and enforce strict governance controls.
Timeline
- 28.02.2026 19:21 (1 article): ClawJacked Flaw in OpenClaw Enables Local AI Agent Hijacking via WebSocket
- ClawJacked Flaw Lets Malicious Sites Hijack Local OpenClaw AI Agents via WebSocket — thehackernews.com — 28.02.2026 19:21
Information Snippets
- The vulnerability resides in the core OpenClaw gateway, not in plugins or extensions.
- Attackers can brute-force the gateway password due to missing rate-limiting.
- Successful authentication grants admin-level permissions, allowing stealthy registration as a trusted device.
- The flaw enables attackers to interact with the AI agent, dump configuration data, and read application logs.
- OpenClaw released a fix in version 2026.2.25 on February 26, 2026.
- Additional vulnerabilities in OpenClaw include log poisoning and multiple CVEs ranging from moderate to high severity.
- Malicious skills on ClawHub are being used to deliver Atomic Stealer and other malware.
- Microsoft advises treating OpenClaw as untrusted code execution and deploying it in isolated environments.

All snippets first reported 28.02.2026 19:21 (1 source, 1 article): ClawJacked Flaw Lets Malicious Sites Hijack Local OpenClaw AI Agents via WebSocket — thehackernews.com — 28.02.2026 19:21