AI Agent Vulnerable: Upgrade Now!
4 Mar
Summary
- AI agent OpenClaw had a high-severity security flaw.
- Attackers could brute-force passwords via malicious websites.
- The vulnerability was patched within 24 hours.

Security researchers recently identified a high-severity vulnerability in the widely used OpenClaw AI agent platform. The flaw allowed malicious websites to bypass local gateway authentication, potentially leading to unauthorized access and data theft.
This flaw resided within the core system of OpenClaw, an AI agent that connects to user calendars and messaging apps and can manage tasks like scheduling. According to the researchers, a malicious website could exploit a WebSocket server within OpenClaw to brute-force its password. Once authenticated, attackers gained complete control over the AI agent's functions.
Oasis, the security firm that discovered the vulnerability, reported it responsibly. The OpenClaw developers responded swiftly, deploying a patch within 24 hours of disclosure. Users are now urged to upgrade to version 2026.2.25 or later to protect against this security threat.
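The attack path described above (a web page reaching the agent's local WebSocket server and guessing its password) is commonly closed by checking the handshake's Origin header and putting a budget on failed logins. The sketch below is an added example, not OpenClaw's code or its actual patch; the allowed origin, port, limits and all function names are assumptions.

```javascript
// Added illustration; every name and value here is hypothetical, not OpenClaw's.
const ALLOWED_ORIGINS = new Set(["http://127.0.0.1:8765"]); // constructed UI origin
const MAX_FAILURES = 5;          // failed guesses tolerated per window
const WINDOW_MS = 60_000;        // counting window
const LOCKOUT_MS = 15 * 60_000;  // lockout once the budget is spent

// Browsers attach Origin to every WebSocket handshake and page script cannot
// forge it, so a cross-site page is rejected before any password is evaluated.
function originAllowed(headers) {
  const origin = headers["origin"]; // Node lowercases header names
  if (origin === undefined) return true; // non-browser local client sends no Origin
  return ALLOWED_ORIGINS.has(origin);
}

// One budget for the whole gateway: browser-originated connections all arrive
// from loopback, so a per-address limit would not separate attacker from user.
class AuthThrottle {
  constructor() { this.failures = []; this.lockedUntil = 0; }
  locked(now) { return now < this.lockedUntil; }
  recordFailure(now) {
    this.failures = this.failures.filter((t) => now - t < WINDOW_MS);
    this.failures.push(now);
    if (this.failures.length >= MAX_FAILURES) this.lockedUntil = now + LOCKOUT_MS;
  }
  reset() { this.failures = []; }
}

function constantTimeEqual(a, b) {
  let diff = a.length ^ b.length;
  for (let i = 0; i < Math.max(a.length, b.length); i++) {
    diff |= a.charCodeAt(i) ^ b.charCodeAt(i); // out-of-range reads coerce to 0
  }
  return diff === 0;
}

// Order matters: origin first, then lockout, and only then the password.
function authorize(headers, supplied, expected, throttle, now) {
  if (!originAllowed(headers)) return { ok: false, reason: "origin" };
  if (throttle.locked(now)) return { ok: false, reason: "locked" };
  if (!constantTimeEqual(supplied, expected)) {
    throttle.recordFailure(now);
    return { ok: false, reason: "password" };
  }
  throttle.reset();
  return { ok: true, reason: "" };
}
```

During a lockout even the correct password is refused, so a guessing loop learns nothing from the responses it receives.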




