A vulnerability chain dubbed 'ClawJacked' let any website silently take full control of running OpenClaw agents.
Security researchers disclosed a vulnerability chain they named 'ClawJacked' that allowed any website to silently take full control of a running OpenClaw agent. The exploit required no plugins, no special permissions, and no user interaction beyond visiting a webpage. By chaining a cross-origin authentication bypass with a command injection flaw, an attacker could execute arbitrary commands on the victim's machine through their trusted OpenClaw agent. Over 40,000 systems were confirmed compromised before patches were deployed.
AFFECTED USERS: ~40,000
ESTIMATED COST: $10,000,000
The Actual Culprit
The OpenClaw gateway trusted cross-origin requests without proper validation, and the agent execution environment had no sandboxing. A visited webpage could issue commands as if it were the local user.
If your local service accepts cross-origin requests, every website becomes an attack vector.
An agent with full system access means any exploit gives the attacker full system access too.
Releasing a fix means nothing if half your users never update.
Loading comments...