Urgent Call for OpenClaw Users to Upgrade After Critical Security Flaw Discovered
Users of OpenClaw, a popular AI assistant platform, have been strongly advised to promptly upgrade to the latest version following alarming revelations from security researchers about a critical vulnerability. This flaw, dubbed the "ClawJacked" bug, has been classified as a high-severity issue that could potentially allow malicious actors complete remote control over affected systems.
The underlying architecture of OpenClaw features a gateway functioning as a local WebSocket server, which acts as the brain for its operations. According to experts at Oasis Security, this gateway is responsible for handling authentication, managing chat sessions, storing configuration settings, and orchestrating the AI agent. It works in tandem with connected nodes, which could include various devices such as a macOS companion application, iOS devices, or other machines. These nodes register themselves with the gateway, making capabilities available that allow actions like executing system commands, engaging with the camera, and accessing user contacts.
One key aspect of the gateway’s design is that it binds to localhost by default, under the assumption that local access is secure and inherently trustworthy. However, this assumption proves hazardous when users inadvertently visit compromised or malicious websites. The critical flaw arises in situations where attackers employ a directed script to exploit this loophole.
The process of attacking the OpenClaw gateway can unfold in several systematic steps. First, malicious JavaScript embedded on a web page can initiate a WebSocket connection to the localhost on the OpenClaw gateway’s designated port. This maneuver is permitted because cross-origin policies do not block such connections.
Next, the attacker can implement a brute-force attack on the gateway’s password, executing hundreds of attempts per second. Alarmingly, the rate limiter on the gateway does not apply to connections made via localhost, creating an environment where the attacker can easily bypass security measures.
Once authenticated, the script can silently register as a trusted device, completing the process without prompting any user for approval, as the gateway automatically allows device pairings from localhost connections. Following successful authentication, attackers gain extensive control over the OpenClaw instance. This control enables them to interact with the AI agent, extract configuration data, enumerate connected devices and even access log files, raising serious privacy and security concerns.
In light of these vulnerabilities, researchers have emphatically urged OpenClaw users to upgrade their systems to version 2026.2.25 or later as an immediate action. Their prompt response is commendable, particularly appreciating the community volunteers behind the open-source project who acted quickly to address the security issue.
This incident, however, is not an isolated one. It marks just one of many recent security alerts regarding OpenClaw. In addition to the ClawJacked vulnerability, multiple other security flaws have surfaced in recent weeks. Researchers have also documented a range of malicious add-ons, termed “skills,” and identified the presence of infostealers specifically targeting the AI tool. Such vulnerabilities threaten to compromise user security and privacy even further.
In light of these discoveries, Oasis Security recommends multiple actions for organizations utilizing OpenClaw. Firstly, they should develop a thorough inventory of all AI applications in use to monitor which agents and assistants are operating within developer environments. Secondly, they should immediately update all instances of OpenClaw to the most recent version available.
Additionally, organizations are encouraged to review access rights granted to AI agents, revoking permissions that are not actively required for functionality. Establishing a governance strategy focused on non-human identities is also crucial. Such a strategy should involve intent analysis, policy enforcement, just-in-time access provisioning, and maintaining comprehensive audit trails documenting every action taken — from human interaction to agent response.
Failure to act promptly can expose users to serious risks, thereby highlighting the importance of cybersecurity measures in today’s rapidly evolving technological landscape. As researchers continue to uncover vulnerabilities, the call for vigilance and proactive security updates becomes increasingly critical for users of platforms like OpenClaw.