ClawJacked Flaw Lets Malicious Sites Hijack Local OpenClaw AI Agents via WebSocket

Staff Editor 2026-02-28
ClawJacked Flaw Lets Malicious Sites Hijack Local OpenClaw AI Agents via WebSocket

ClawJacked Flaw Lets Malicious Sites Hijack Local OpenClaw AI Agents via WebSocket

https://thehackernews.com/2026/02/clawjacked-flaw-lets-malicious-sites.html

Publish Date: 2026-02-28 12:21:00

Source Domain: thehackernews.com

  • OpenClaw has patched a critical security vulnerability known as ClawJacked that allowed attackers to gain control over a locally running AI agent by exploiting a loophole in the OpenClaw core system.
  • The vulnerability involved malicious JavaScript opening a WebSocket connection to the AI gateway, bypassing protections and gaining admin-level permissions.
  • The issue highlighted significant risks posed by AI agents that have broad access to enterprise systems, calling for strict governance for non-human entities.
  • Multiple additional vulnerabilities, including remote code execution and log poisoning, have also been discovered and resolved in recent OpenClaw updates.
  • Malicious skills have been identified on the ClawHub marketplace, which serves as a conduit for attacks like Atomic Stealer malware and cryptocurrency scams.
  • Users are urged to audit skills before installation, avoid exposing credentials unnecessarily, and continuously monitor agent interactions.
  • Microsoft has issued a security advisory cautioning against running OpenClaw on personal or enterprise workstations due to the significant risks associated with self-hosted agent runtimes.

More Stories

Oklahoma Ethics Commission in beginning stages of addressing AI in campaign ads

Oklahoma Ethics Commission in beginning stages of addressing AI in campaign ads

Staff Editor 2026-06-05
Microsoft AI chief says company was “set free” from OpenAI to pursue superintelligence

Microsoft AI chief says company was “set free” from OpenAI to pursue superintelligence

Staff Editor 2026-06-05
AstraZeneca CEO says AI is reshaping drug development — and helping boost the odds of success

AstraZeneca CEO says AI is reshaping drug development — and helping boost the odds of success

Staff Editor 2026-06-05

You may have missed

AI Governance Expectations on the Rise for Insurers Amid New Regulatory Activity

AI Governance Expectations on the Rise for Insurers Amid New Regulatory Activity

Staff Editor 2026-06-05
Mountain Rides resolves cybersecurity threat | Transportation

Mountain Rides resolves cybersecurity threat | Transportation

Staff Editor 2026-06-05
Oklahoma Ethics Commission in beginning stages of addressing AI in campaign ads

Oklahoma Ethics Commission in beginning stages of addressing AI in campaign ads

Staff Editor 2026-06-05
Microsoft AI chief says company was “set free” from OpenAI to pursue superintelligence

Microsoft AI chief says company was “set free” from OpenAI to pursue superintelligence

Staff Editor 2026-06-05
AstraZeneca CEO says AI is reshaping drug development — and helping boost the odds of success

AstraZeneca CEO says AI is reshaping drug development — and helping boost the odds of success

Staff Editor 2026-06-05

Terms and Conditions - Privacy Policy