A flaw in OpenClaw AI allowed malicious websites to open localhost connections and brute-force passwords.
A critical flaw in the OpenClaw AI agent allowed malicious websites to open WebSocket connections to localhost and brute-force passwords. Because loopback connections were exempt from rate limiting, attackers could rapidly guess credentials and silently register a trusted device. Once authenticated, attackers gained full administrative control, enabling access to files, logs, and connected devices. The issue has since been patched, but the vulnerability showed how a single browser tab could lead to full workstation compromise.
Read more:
https://www.securityweek.com/openclaw-vulnerability-allowed-malicious-websites-to-hijack-ai-agents/
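The two defensive controls implied by the summary above are an Origin check on the WebSocket handshake (a browser page from an unexpected origin should be refused before any credential is examined) and a failed-login rate limiter that treats loopback like any other source. The following is an added illustration, not OpenClaw's code or the fix described in the article: a toy login gate for a local agent's control endpoint, with the weak pattern (loopback exempt from throttling, no Origin check) beside the hardened configuration. The allowed origin, thresholds, token values and the replay helper are all hypothetical.

```python
"""Added example (not OpenClaw's code): a minimal auth gate for a local
agent's WebSocket control endpoint. Gate(exempt_loopback=True,
check_origin=False) reproduces the weak pattern in the summary; the
defaults reproduce the hardened one. All names and values are constructed."""
import hmac
import ipaddress
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Optional

# Hypothetical: the one origin the agent's own browser UI is served from.
ALLOWED_ORIGINS = {"http://127.0.0.1:18789"}

MAX_FAILURES = 5        # failed attempts allowed inside the window
LOCKOUT_SECONDS = 300   # window / lockout length in seconds


@dataclass
class Gate:
    """Tracks failed authentication attempts per source address."""
    exempt_loopback: bool = False   # True = the weak pattern
    check_origin: bool = True       # False = no Origin validation
    failures: dict = field(default_factory=lambda: defaultdict(list))

    def _rate_limited(self, addr: str, now: float) -> bool:
        if self.exempt_loopback and ipaddress.ip_address(addr).is_loopback:
            return False            # weak: local sources are never throttled
        recent = [t for t in self.failures[addr] if now - t < LOCKOUT_SECONDS]
        self.failures[addr] = recent
        return len(recent) >= MAX_FAILURES

    def handle(self, addr: str, origin: Optional[str], token: str,
               expected: str, now: float) -> str:
        """Return 'ok', 'bad_origin', 'locked_out' or 'bad_token'."""
        # Browsers always send Origin on a WebSocket handshake, so a page
        # from an unlisted origin is rejected before the token is even read.
        if self.check_origin and origin not in ALLOWED_ORIGINS:
            return "bad_origin"
        if self._rate_limited(addr, now):
            return "locked_out"
        # Constant-time comparison of the presented token against the real one.
        if not hmac.compare_digest(token, expected):
            self.failures[addr].append(now)
            return "bad_token"
        self.failures[addr].clear()
        return "ok"


def replay_failed_logins(gate: Gate, attempts: int, origin: str) -> dict:
    """Feed `attempts` wrong tokens from 127.0.0.1, one per second, and
    count how the gate answered. Used here to compare the configurations."""
    counts = defaultdict(int)
    for i in range(attempts):
        result = gate.handle("127.0.0.1", origin, f"wrong-{i}",
                             "correct-token", now=float(i))
        counts[result] += 1
    return dict(counts)


if __name__ == "__main__":
    weak = Gate(exempt_loopback=True, check_origin=False)
    hardened = Gate()
    print("weak, hostile origin:    ", replay_failed_logins(weak, 50, "https://attacker-page.example"))
    print("hardened, hostile origin:", replay_failed_logins(hardened, 50, "https://attacker-page.example"))
    print("hardened, trusted origin:", replay_failed_logins(hardened, 50, "http://127.0.0.1:18789"))
```

With the weak gate, all fifty wrong tokens from 127.0.0.1 are evaluated, which is the condition the summary describes; the hardened gate refuses every connection from the unlisted origin outright, and even a page on the trusted origin is locked out after five failures. The Origin check is the more important of the two controls here, since it stops the cross-site connection before guessing begins, while the loopback-inclusive rate limit bounds the damage if that check is ever bypassed.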