Overview
- ClawJacked exploited a localhost WebSocket path that browsers allow, letting a visited site silently connect to the OpenClaw gateway.
- Loopback was exempt from rate limiting and, per researchers, even failed attempts were not logged, enabling hundreds of password guesses per second from a browser tab.
- Once authenticated, the gateway auto‑approved device registration from localhost, allowing attackers to enroll a trusted device without user interaction.
- With admin control, attackers could dump credentials, list connected nodes, read logs, exfiltrate files, and run shell commands, as shown in Oasis Security’s proof‑of‑concept.
- OpenClaw says the issue was fixed within 24 hours, with updates available in version 2026.2.26. Users are advised to upgrade immediately and harden settings by enforcing rate limits, disabling localhost auto‑approve, and auditing agent privileges; researchers also warn about malicious skills on ClawHub.
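As an added, defender-side illustration (not OpenClaw's code) of the three gateway checks the chain above calls for: rejecting browser origins on the WebSocket upgrade, throttling and logging failed logins with no loopback exemption, and requiring explicit confirmation for device enrollment. The allowed origin, port and class names are constructed placeholders.

```python
import ipaddress
import time
from collections import defaultdict, deque

# Constructed placeholder: the only page origin allowed to open the gateway
# WebSocket. A tab on any other site sends its own Origin and is refused.
ALLOWED_ORIGINS = {"http://127.0.0.1:8080"}


class GatewayGuard:
    def __init__(self, max_failures=5, window_s=60.0, clock=time.monotonic):
        self.max_failures = max_failures
        self.window_s = window_s
        self.clock = clock
        self.failures = defaultdict(deque)  # source ip -> failure timestamps
        self.events = []                    # audit log; loopback is not exempt

    def _log(self, kind, source_ip, detail=""):
        self.events.append((kind, source_ip, detail))

    def handshake(self, source_ip, origin):
        """Browsers always send Origin on a WebSocket upgrade, so a foreign
        site fails here before any password is seen. A missing Origin
        (non-browser client) is accepted by this example policy."""
        if origin is not None and origin not in ALLOWED_ORIGINS:
            self._log("origin_rejected", source_ip, origin)
            return False
        return True

    def authenticate(self, source_ip, password_ok):
        now = self.clock()
        recent = self.failures[source_ip]
        while recent and now - recent[0] > self.window_s:
            recent.popleft()                # drop failures outside the window
        if len(recent) >= self.max_failures:  # applies to 127.0.0.1 as well
            self._log("throttled", source_ip)
            return "throttled"
        if not password_ok:
            recent.append(now)
            self._log("auth_failed", source_ip)  # every failure is recorded
            return "denied"
        return "ok"

    def register_device(self, source_ip, user_confirmed):
        """Enrollment needs an explicit confirmation even from loopback; the
        source class is recorded so reviewers can spot local auto-enroll attempts."""
        where = "loopback" if ipaddress.ip_address(source_ip).is_loopback else "remote"
        if not user_confirmed:
            self._log("device_pending", source_ip, where)
            return "pending"
        self._log("device_approved", source_ip, where)
        return "approved"
```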