OpenClaw Vulnerability Details
A critical vulnerability in the OpenClaw AI assistant, as reported by Oasis Security, exposed the platform to potential hijacking by directing users to compromised websites. This flaw could be exploited without requiring the installation of malicious software or user intervention.
The vulnerability stemmed from OpenClaw’s self-hosted AI agent, which operates a local WebSocket server serving as a gateway for authentication, orchestration, chat management, and configuration storage. This setup allowed external applications and devices to connect as nodes for command execution and capability access, secured by tokens or passwords.
Exploitation Mechanism
According to Oasis Security, the gateway’s default binding to localhost assumed inherent trust in local access, creating a security gap. Developers visiting malicious sites could unknowingly expose their AI agents to attacks.
Exploiting the vulnerability relied on JavaScript on a rogue website, which could establish a WebSocket connection to the agent’s port on localhost. The absence of browser cross-origin policy restrictions on localhost connections facilitated this breach.
Security Implications and Resolution
The security loophole was exacerbated by the gateway’s rate limiter exemption for loopback connections. Attackers could perform numerous password brute-force attempts rapidly without detection. Oasis Security’s tests demonstrated a rate of hundreds of guesses per second, allowing attackers to exhaust common passwords in seconds and larger dictionaries in minutes.
Once the password was cracked, attackers could achieve authenticated sessions with administrative authority, enabling them to manipulate the AI agent, retrieve configurations, access logs, and execute commands. This posed a significant risk of compromising developers’ workstations.
The OpenClaw security team responded swiftly, resolving the issue within 24 hours of the report and categorizing it as high-severity. Users are strongly advised to upgrade to OpenClaw version 2026.2.25 or later to mitigate this threat.
Conclusion
This incident underscores the critical need for robust security measures in AI systems. The swift resolution by the OpenClaw team highlights the importance of proactive vulnerability management. Users must stay vigilant and ensure their systems are regularly updated to protect against evolving cyber threats.
