ClawJacked Flaw Lets Malicious Sites Hijack Local OpenClaw AI Agents via WebSocket

Original Source

The Hacker News

// Analysis

OpenClaw has addressed a high-severity security flaw, codenamed "ClawJacked" by Oasis Security, that could have allowed malicious websites to hijack locally running OpenClaw AI agents. The vulnerability was found in the core OpenClaw gateway, a local WebSocket server typically bound to localhost and password-protected, operating without user-installed extensions or plugins. This means the flaw resided in the foundational setup of the agent environment.

// Why It Matters

Signal Intelligence Assessment

The "ClawJacked" flaw exposes a fundamental security risk in local OpenClaw agent deployments, revealing that agent gateways bound to localhost can be hijacked by malicious websites if standard browser cross-origin protections and server-side rate-limiting are bypassed for local WebSocket connections.
The swift release of OpenClaw version 2026.2.25 addresses the "ClawJacked" vulnerability, providing an essential update that developers must apply immediately to secure local agent deployments against remote hijacking attempts.
The incident reinforces that agentic AI, by design, increases the potential blast radius of security breaches, necessitating a shift in developer mindset towards comprehensive governance and constant auditing of AI agent access permissions across integrated enterprise tools.
The repeated surfacing of vulnerabilities, including "ClawJacked" and prior reports from Bitsight and NeuralTrust, signals an intensifying security focus across the OpenClaw ecosystem, urging developers to prioritize robust security practices for agent deployment and interaction.

Analyzed 17:00 PT · Trace No. 001 · February 2026

Back to Trace No. 001 · February 2026