“ClawJacked” Vulnerability Allows Malicious Websites to Take Control of OpenClaw

fria · March 2, 2026, 11:39pm

Oasis Security discovered a vulnerability in the popular OpenClaw agentic AI software that allows websites to silently bruteforce access to a locally running instance and take it over.

This is a companion discussion topic for the original entry at https://www.privacyguides.org/news/2026/03/02/clawjacked-vulnerability-allows-malicious-websites-to-take-control-of-openclaw

Onscreen5341 · March 3, 2026, 8:57am

Who would have guess that vibe-coded, ultra hyped, completely broken, and insecure garbage software would have security vulnerabilities.

I really understand people/companies who deployed OpenClaw in a production system out of hype. No one would have predicted that this happens.

Topic		Replies	Views
Moldbot/Clawdbot (Personal AI Assistant) General	7	895	January 30, 2026
Thoughts on IronClaw? Questions	3	542	February 25, 2026
Severe Meta Cybersecurity Incident Caused by AI Agent News	1	218	March 22, 2026
Blocking the Internet's Latest Flood of Web-Scraping Robots on Personal Websites Using Nginx on Low-Resource Computers General	4	316	November 4, 2025
Trail of Bits Exposes Vulnerabilities in Agentic Browsers, Compares to Cross-Site Scripting News	0	139	January 16, 2026

“ClawJacked” Vulnerability Allows Malicious Websites to Take Control of OpenClaw

Related topics