Malicious websites could open a WebSocket connection to localhost on the OpenClaw gateway port, brute force passwords, and take control of the agent.
The post OpenClaw Vulnerability Allowed Websites to Hijack AI Agents appeared first on SecurityWeek.