TechFlow News: On March 2, GoPlus's Chinese community issued a security alert stating that OpenClaw Gateway has a critical vulnerability. Users are urged to immediately upgrade to version 2026.2.25 or later, audit all credentials, API keys, and node permissions granted to Agent instances, and revoke any that are unnecessary. According to their analysis, OpenClaw runs a WebSocket Gateway bound to localhost that serves as the core coordination layer for Agents and is therefore a vital component of OpenClaw. The attack exploits weaknesses in this Gateway layer and requires only one condition: the user opens, in their web browser, a malicious website controlled by the attacker.
The full attack chain is as follows:
1. The victim visits a malicious website controlled by the attacker using their web browser.
2. JavaScript embedded in the webpage initiates a WebSocket connection to the OpenClaw Gateway running on localhost.
3. The attack script then attempts to brute-force the Gateway password at a rate of hundreds of attempts per second.
4. Once the password is cracked, the attack script silently registers itself as a trusted device.
5. The attacker gains administrator-level control over the Agent.
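As an added defensive illustration (not code from GoPlus, OpenClaw, or the original alert), the following shows the two handshake-time checks a localhost WebSocket gateway can apply against this chain: rejecting browser connections from non-allowlisted origins (step 2) and locking out password attempts after a few failures (step 3). Function names, the header object shape (lowercase keys, as Node.js presents them), the allowlist, and the thresholds are assumptions for illustration.

```javascript
// Added example, not OpenClaw's code. Two gateway-side checks against a
// browser-driven attack on a localhost WebSocket service.

// 1. Origin gating. A browser always sends an Origin header on a WebSocket
//    handshake; native CLI clients normally send none. Rejecting unknown
//    origins stops a malicious page from opening the socket at all.
function originAllowed(headers, allowedOrigins) {
  const origin = headers['origin'];
  if (origin === undefined) return true;        // non-browser client
  return allowedOrigins.includes(origin);       // exact-match allowlist
}

// 2. Auth lockout. Hundreds of guesses per second only work if the gateway
//    answers every guess. On a localhost service every connection arrives
//    from 127.0.0.1, so key the limiter on something other than source IP
//    (here an opaque clientId, e.g. the origin or a global key).
class AuthAttemptLimiter {
  constructor({ maxFailures = 5, lockoutMs = 60_000 } = {}) {
    this.maxFailures = maxFailures;
    this.lockoutMs = lockoutMs;
    this.state = new Map(); // clientId -> { failures, lockedUntil }
  }
  // True if this client may attempt authentication right now.
  canAttempt(clientId, now = Date.now()) {
    const s = this.state.get(clientId);
    return !s || s.lockedUntil <= now;
  }
  recordFailure(clientId, now = Date.now()) {
    const s = this.state.get(clientId) || { failures: 0, lockedUntil: 0 };
    s.failures += 1;
    if (s.failures >= this.maxFailures) {
      s.lockedUntil = now + this.lockoutMs;   // start lockout window
      s.failures = 0;
    }
    this.state.set(clientId, s);
  }
  recordSuccess(clientId) { this.state.delete(clientId); }
}

// Decide whether a password attempt on this handshake should be evaluated.
function shouldEvaluateAuth(headers, clientId, limiter, allowedOrigins, now) {
  if (!originAllowed(headers, allowedOrigins)) return 'reject-origin';
  if (!limiter.canAttempt(clientId, now)) return 'locked-out';
  return 'evaluate';
}
```

Origin gating only addresses the browser vector described here; a native process already running on the host sends no Origin header and is outside what this check can decide.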