April 15, 2026

OpenClaw vulnerability allows hijacking of AI agents via malicious websites

A vulnerability in the OpenClaw AI assistant allowed attackers to hijack AI agents by luring users to malicious websites, according to Oasis Security. Once a user had loaded such a site, exploitation required no user interaction: the attack targeted the assistant's local WebSocket server, which was assumed to be secure because it binds to localhost by default. That assumption proved wrong. JavaScript from a malicious website could reach the server because it lacked cross-origin restrictions, then brute-force the password because there was no rate limiting, giving attackers full control over the AI agent. Oasis notes that this could lead to severe compromises, such as access to sensitive information and execution of commands on connected devices. The OpenClaw security team promptly addressed this high-severity issue by releasing an update and urges users to upgrade to version 2026.2.25 or later.
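
The two controls the summary says were missing, an origin check on the WebSocket handshake and rate limiting on login attempts, are sketched below as an added example. It is not OpenClaw's code or its actual fix; the allowed origin, the limits and all function names are assumptions.

```javascript
// Added example, not OpenClaw code. Names, port and limits are constructed.
const ALLOWED_ORIGINS = new Set(["http://localhost:3000"]); // the agent's own UI (assumed)
const MAX_FAILURES = 5;      // failed logins allowed per window
const WINDOW_MS = 60_000;    // counting window
const LOCKOUT_MS = 300_000;  // lockout once the limit is hit

// Browsers attach an Origin header to every WebSocket handshake, so a page on
// another site is identifiable even though the TCP peer is 127.0.0.1.
function originAllowed(headers) {
  const origin = headers["origin"];
  if (origin === undefined) return true; // non-browser client; throttle still applies
  return ALLOWED_ORIGINS.has(origin);
}

class AuthThrottle {
  constructor() { this.state = new Map(); } // key -> { failures: [ms], lockedUntil }

  isLocked(key, now) {
    const s = this.state.get(key);
    return s !== undefined && now < s.lockedUntil;
  }

  recordFailure(key, now) {
    const s = this.state.get(key) ?? { failures: [], lockedUntil: 0 };
    s.failures = s.failures.filter((t) => now - t < WINDOW_MS);
    s.failures.push(now);
    if (s.failures.length >= MAX_FAILURES) {
      s.lockedUntil = now + LOCKOUT_MS;
      s.failures = [];
    }
    this.state.set(key, s);
  }

  recordSuccess(key) { this.state.delete(key); }
}

// Decide one login attempt. There is no exemption for loopback peers: the key
// is the remote address, and 127.0.0.1 is throttled like any other.
function handleLogin(throttle, req, passwordOk, now) {
  if (!originAllowed(req.headers)) return "rejected-origin";
  if (throttle.isLocked(req.remoteAddress, now)) return "locked";
  if (passwordOk) { throttle.recordSuccess(req.remoteAddress); return "ok"; }
  throttle.recordFailure(req.remoteAddress, now);
  return "bad-password";
}
```

The lockout is checked before the password, so a correct guess made during the lockout is still refused.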
