A critical OpenClaw flaw allowed malicious websites to connect to locally running agents, brute-force passwords without limits, and take full control by exploiting implicit trust in localhost connections.

CSO Online offers insights into cybersecurity, risk management, and IT leadership, providing articles, reports, and expert analysis to help security professionals navigate the evolving threat landscape and protect their organizations from cyber attacks. By exploring CSO Online's curated content, CISOs, security managers, and IT executives can learn about threat intelligence, security frameworks, and incident response strategies for building resilient cybersecurity programs. Whether you're defending against ransomware, phishing attacks, or insider threats, CSO Online offers resources to strengthen your security posture and safeguard your digital assets.

CSO Online

Researchers at Oasis Security disclosed a critical vulnerability (CVE-2026-25253, dubbed ClawJacked) in OpenClaw, a locally running AI agent. The flaw exploits the browser's ability to open WebSocket connections to localhost services, bypassing cross-origin protections. A malicious website can silently connect to the OpenClaw gateway, brute-force its password without rate limits due to implicit localhost trust, and register as a trusted device — gaining full control of the agent including access to API keys, credentials, codebases, and the ability to execute tasks at machine speed. OpenClaw patched the issue in v2026.2.25 within 24 hours, but experts warn that architectural risks remain and organizations should enforce stronger authentication, rate limiting, explicit session approval, and behavioral monitoring for AI agents.

Your personal OpenClaw agent may also be taking orders from malicious websites