An OpenClaw vulnerability has allowed attackers to steal user credentials.
A critical OpenClaw vulnerability allowed attackers to steal authentication tokens by tricking victims into visiting malicious websites. Using the stolen token, attackers could open a WebSocket connection to the victim’s local OpenClaw instance and disable safeguards, enabling full remote command execution. Because OpenClaw has elevated system privileges, a compromised instance exposes sensitive data and allows attackers deep control over the host system.
Read more:
https://www.securityweek.com/vulnerability-allows-hackers-to-hijack-openclaw-ai-assistant/