OpenClaw Vulnerability Allowed Websites to Hijack AI Agents - SecurityWeek
A vulnerability in the OpenClaw AI assistant allowed malicious websites to establish WebSocket connections to the local gateway, bypassing cross-origin policies and rate limits. This enabled attackers to brute-force local passwords, gain administrator privileges, and achieve full control over the AI agent and connected developer workstation.
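The two gateway-side checks this summary points at, validating the `Origin` of a WebSocket handshake and throttling failed logins with no exemption for loopback, are shown below as an added example; it is not OpenClaw's code and not taken from the report. The allowlisted origin, the thresholds, and all function names are assumptions made for illustration.

```javascript
// Added example: constructed policy for a local WebSocket gateway.
const ALLOWED_ORIGINS = new Set(["http://localhost:8080"]); // hypothetical UI origin
const MAX_FAILURES = 5;     // assumed threshold
const LOCKOUT_MS = 60000;   // assumed lockout window

// Browsers attach Origin to every WebSocket handshake but do not enforce the
// same-origin policy on it, so the server must decide. Node lowercases header names.
function originAllowed(headers) {
  const origin = headers["origin"];
  if (origin === undefined) return true; // non-browser client; must still authenticate
  return ALLOWED_ORIGINS.has(origin);
}

class AuthThrottle {
  constructor() { this.state = new Map(); }
  // Keyed by source address with no loopback exemption: a web page running in
  // the local browser reaches the gateway from 127.0.0.1 like any local tool.
  blocked(addr, now) {
    const s = this.state.get(addr);
    return s !== undefined && s.lockedUntil > now;
  }
  recordFailure(addr, now) {
    const s = this.state.get(addr) || { failures: 0, lockedUntil: 0 };
    s.failures += 1;
    if (s.failures >= MAX_FAILURES) {
      s.lockedUntil = now + LOCKOUT_MS;
      s.failures = 0;
    }
    this.state.set(addr, s);
  }
  recordSuccess(addr) { this.state.delete(addr); }
}

// passwordOk is the result of the gateway's own password verification.
// Order matters: origin first, then throttle, then the credential result.
function handleAttempt(throttle, req, passwordOk, now) {
  if (!originAllowed(req.headers)) return "reject-origin";
  if (throttle.blocked(req.remoteAddress, now)) return "reject-throttled";
  if (!passwordOk) {
    throttle.recordFailure(req.remoteAddress, now);
    return "reject-auth";
  }
  throttle.recordSuccess(req.remoteAddress);
  return "accept";
}
```

A handshake from an unlisted origin is refused before any password is evaluated, so a page in the browser never gets a guess; local clients that send no `Origin` are still limited to five failures per minute.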