OpenClaw ClawJacked localhost WebSocket brute-force security flaw
Vulnerability
Summary
Hide ▲
Show ▼
OpenClaw’s ClawJacked vulnerability allowed a malicious website to brute-force a localhost WebSocket connection and take control of a local instance, putting sessions, credentials, and workstations at risk. The flaw worked because browser cross-origin rules did not stop WebSocket traffic to localhost, and the 127.0.0.1 rate-limit exemption let password guesses run at high speed. Once a password was guessed, the attacker could register as a trusted device and move into logs, files, commands, and connected nodes. OpenClaw fixed the issue in version 2026.2.26 and users were told to update immediately.
Related Happenings
OpenClaw message-object prompt injection patched in 2026.4.23 security flaw
Vulnerability
H score15
First: 11.06.2026 20:46
Last: 11.06.2026 20:46
Sources 1
About this happening:
**OpenClaw** has a patched **message-object prompt injection flaw** that let hidden instructions inside **shared contacts, vCards, and location pins** reach the LLM as trusted pro...
OpenClaw message-object prompt injection patched in 2026.4.23 security flaw
VulnerabilityAbout this happening: **OpenClaw** has a patched **message-object prompt injection flaw** that let hidden instructions inside **shared contacts, vCards, and location pins** reach the LLM as trusted pro...
OpenClaw/OpenShell managed sandbox backend Claw Chain (multiple vulnerabilities)
Vulnerability
H score31
First: 15.05.2026 16:35
Last: 15.05.2026 16:35
Sources 1
About this happening:
Researchers disclosed **four OpenClaw flaws** in the **OpenShell managed sandbox backend** that can be chained for **data theft**, **privilege escalation**, and **persistence**. T...
OpenClaw/OpenShell managed sandbox backend Claw Chain (multiple vulnerabilities)
VulnerabilityAbout this happening: Researchers disclosed **four OpenClaw flaws** in the **OpenShell managed sandbox backend** that can be chained for **data theft**, **privilege escalation**, and **persistence**. T...
Cline Kanban server WebSocket origin/authentication security flaw
Vulnerability
H score33
First: 07.05.2026 17:30
Last: 07.05.2026 17:30
Sources 1
About this happening:
**Cline Kanban server** has a **critical WebSocket origin/authentication flaw** that can let a webpage a developer visits **exfiltrate workspace data**, **inject terminal commands...
Cline Kanban server WebSocket origin/authentication security flaw
VulnerabilityAbout this happening: **Cline Kanban server** has a **critical WebSocket origin/authentication flaw** that can let a webpage a developer visits **exfiltrate workspace data**, **inject terminal commands...
GhostLoader RAT-stealer via @openclaw-ai/openclawai
Malware Activity
H score30
First: 09.03.2026 20:31
Last: 09.03.2026 20:31
Sources 1
About this happening:
A malicious **@openclaw-ai/openclawai** npm package is delivering **GhostLoader** to **macOS** hosts, enabling **credential theft**, **browser-session cloning**, and persistent re...
GhostLoader RAT-stealer via @openclaw-ai/openclawai
Malware ActivityAbout this happening: A malicious **@openclaw-ai/openclawai** npm package is delivering **GhostLoader** to **macOS** hosts, enabling **credential theft**, **browser-session cloning**, and persistent re...
ClawHub malicious skills deliver Atomic Stealer
Malware Activity
H score29
First: 28.02.2026 19:21
Last: 28.02.2026 19:21
Sources 1
About this happening:
Researchers found **malicious skills** on **ClawHub** delivering a **new Atomic Stealer variant** to **macOS** users, turning the OpenClaw skills marketplace into a malware delive...
ClawHub malicious skills deliver Atomic Stealer
Malware ActivityAbout this happening: Researchers found **malicious skills** on **ClawHub** delivering a **new Atomic Stealer variant** to **macOS** users, turning the OpenClaw skills marketplace into a malware delive...
Timeline
-
01.03.2026 23:44 2 articles · 4mo ago
OpenClaw releases version 2026.2.26 to fix ClawJacked
Mitigation Patch UpdateOpenClaw released version 2026.2.26 to harden WebSocket handling and add protections against localhost loopback abuse, closing the path that let ClawJacked brute-force the management password from browser JavaScript and hijack a locally running instance.
Show sources
- ClawJacked attack let malicious websites hijack OpenClaw to steal data — www.bleepingcomputer.com — 01.03.2026 23:44
- ClawJacked Bug Enables Covert AI Agent Hijacking — www.infosecurity-magazine.com — 02.03.2026 13:30
-
01.03.2026 23:44 1 articles · 4mo ago
ClawJacked disclosure details OpenClaw localhost WebSocket brute force
Initial DisclosureSecurity researchers disclosed ClawJacked in OpenClaw, a high-severity flaw that let a malicious website use browser JavaScript against the platform’s localhost WebSocket interface to silently brute-force the management password, register as a trusted device, and gain access for credential theft, log access, file exfiltration, and shell-command execution on paired nodes.
Show sources
- ClawJacked attack let malicious websites hijack OpenClaw to steal data — www.bleepingcomputer.com — 01.03.2026 23:44