OpenClaw users warned of ClawJacked vulnerability exploit

Visit original source (infosecurity-magazine.com)

by sauce_bot on Mar 2, 2026

AI Summary

OpenClaw users are being advised to upgrade to the latest version following the discovery of a critical vulnerability known as "ClawJacked." This high-severity issue allows adversaries to gain full remote control over the AI agent through an indirect prompt injection attack. Researchers from Oasis Security highlighted that the OpenClaw gateway, which manages authentication and orchestrates the AI agent's operations, is particularly vulnerable because it binds to localhost by default and assumes that local access is secure.

The ClawJacked vulnerability poses significant risks as it enables malicious JavaScript to exploit the WebSocket connection to the OpenClaw gateway, potentially allowing unauthorized access to sensitive functionalities. Users are encouraged to review the latest release notes and implement necessary model updates to mitigate these risks. As the landscape of AI automation continues to evolve, ensuring robust security measures in agent workflows and API integrations remains critical for developers utilizing OpenClaw.
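
The weakness described above is a localhost-bound service that treats any local connection as trusted, even though browsers do not apply the same-origin policy to WebSocket connections. The following is an added example, not OpenClaw's code or its actual fix: a generic handshake check that refuses that implicit trust. The allowlists, port, token and function names are all assumptions made for illustration.

```javascript
// Added example: handshake checks for a localhost-bound WebSocket service.
// Hypothetical names and values throughout; this is not OpenClaw's code or fix.
const ALLOWED_HOSTS = new Set(['127.0.0.1:9000', 'localhost:9000']);   // constructed
const ALLOWED_ORIGINS = new Set(['http://127.0.0.1:9000']);            // constructed

// Comparison whose running time does not depend on where the strings differ.
// In a real Node service, crypto.timingSafeEqual does this job.
function constantTimeEqual(a, b) {
  if (typeof a !== 'string' || typeof b !== 'string' || a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// headers: lower-cased header map, as Node's http module exposes on 'upgrade'.
function checkUpgrade(headers, expectedToken) {
  // 1. Host must be a name we serve; rejects requests routed here via DNS rebinding.
  if (!ALLOWED_HOSTS.has(headers['host'])) return { ok: false, reason: 'bad-host' };
  // 2. Browsers attach Origin to every WebSocket handshake and page script
  //    cannot change it, so a foreign Origin means another site's JavaScript.
  const origin = headers['origin'];
  if (origin !== undefined && !ALLOWED_ORIGINS.has(origin)) {
    return { ok: false, reason: 'bad-origin' };
  }
  // 3. A token is required even for loopback peers: being local is not proof
  //    of being authorized.
  const auth = headers['authorization'] || '';
  const token = auth.startsWith('Bearer ') ? auth.slice('Bearer '.length) : '';
  if (!expectedToken || !constantTimeEqual(token, expectedToken)) {
    return { ok: false, reason: 'bad-token' };
  }
  return { ok: true, reason: 'accepted' };
}

// Constructed handshakes: a local CLI client, a page on another site, and a
// local process that has no token.
function demo() {
  const token = 'example-token-not-a-real-secret';
  const cli = { host: '127.0.0.1:9000', authorization: 'Bearer ' + token };
  const foreign = { host: '127.0.0.1:9000', origin: 'https://other-site.example' };
  const noToken = { host: 'localhost:9000' };
  return [cli, foreign, noToken].map((h) => checkUpgrade(h, token).reason);
}
console.log(demo());
```

Browser WebSocket clients cannot set an Authorization header, so a web UI would have to deliver the token another way; the order of the checks stays the same.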