ClawJacked Flaw lets malicious sites hijack local OpenClaw AI Agents via WebSocket
- 4 hours ago
- 1 min read
OpenClaw has fixed a high-severity security issue that, if successfully exploited, could have allowed a malicious website to connect to a locally running artificial intelligence (AI) agent and take over control.
"Our vulnerability lives in the core system itself – no plugins, no marketplace, no user-installed extensions – just the bare OpenClaw gateway, running exactly as documented," Oasis Security said in a report published this week.
The flaw has been codenamed ClawJacked by the cybersecurity company.
Read the full story | THE HACKER NEWS
