Overview
- Oasis Security detailed ClawJacked (CVE-2026-25253), showing how malicious sites could open a WebSocket to the local gateway, brute‑force the password without rate limits, auto‑register as a trusted device, and seize full agent control.
- OpenClaw maintainers shipped a fix in under 24 hours, urging users to update to 2026.2.25, with earlier patches addressing a log‑poisoning prompt‑injection path (fixed in 2026.2.13) and other CVEs tied to RCE, SSRF, auth bypass, and path traversal.
- Security scans have found large numbers of internet‑exposed gateways, with reports citing more than 21,000 instances reachable on the public web, heightening risks of API key and session theft from misconfigured deployments.
- Researchers continue to uncover malicious ClawHub skills, including campaigns delivering Atomic Stealer and crypto‑theft schemes, with analyses flagging at least 71 tainted listings and agent‑to‑agent social engineering on Moltbook.
- Vendors and practitioners advise treating agent runtimes as high‑privilege infrastructure, with Meta banning OpenClaw on work devices and Microsoft recommending isolated VMs, least‑privilege credentials, skill vetting, audits, and human‑in‑the‑loop approvals.
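
The ClawJacked chain in the first bullet depends on three gaps: a browser page can reach the local WebSocket, password guesses are not throttled, and a new device becomes trusted automatically. The sketch below is an added example, not OpenClaw's code, showing a gateway-side decision that closes each gap; every name and value in it (`ALLOWED_ORIGINS`, `AuthThrottle`, `decide`, the origin URL, the request fields) is a hypothetical assumption.

```javascript
// Added example. All names and values here are hypothetical, not OpenClaw's API.
const ALLOWED_ORIGINS = new Set(["http://localhost:3000"]); // constructed value

// Browsers always attach Origin to a WebSocket handshake and page script cannot
// forge it; native clients normally omit it and must still pass the password check.
function originAllowed(origin) {
  return origin === undefined || ALLOWED_ORIGINS.has(origin);
}

// Failure counter with exponential lockout. The key should identify the peer
// (for example the connection's source); loopback gets no exemption.
class AuthThrottle {
  constructor({ maxFailures = 5, lockoutMs = 60000, now = Date.now } = {}) {
    Object.assign(this, { maxFailures, lockoutMs, now, peers: new Map() });
  }
  isLocked(key) {
    const p = this.peers.get(key);
    return p !== undefined && p.lockedUntil > this.now();
  }
  recordFailure(key) {
    const p = this.peers.get(key) || { failures: 0, lockedUntil: 0 };
    p.failures += 1;
    if (p.failures >= this.maxFailures) {
      const doublings = Math.min(p.failures - this.maxFailures, 10);
      p.lockedUntil = this.now() + this.lockoutMs * 2 ** doublings;
    }
    this.peers.set(key, p);
  }
  recordSuccess(key) { this.peers.delete(key); }
}

// Best-effort constant-time comparison (no early exit on first mismatch).
function sameSecret(a, b) {
  let diff = a.length ^ b.length;
  for (let i = 0; i < Math.max(a.length, b.length); i++) {
    diff |= (a.charCodeAt(i) || 0) ^ (b.charCodeAt(i) || 0);
  }
  return diff === 0;
}

// Decision for one connection attempt; a new device is never trusted automatically.
function decide(throttle, req, expectedPassword, approvedDevices) {
  if (!originAllowed(req.origin)) return "reject-origin";
  if (throttle.isLocked(req.peer)) return "locked";
  if (!sameSecret(req.password, expectedPassword)) {
    throttle.recordFailure(req.peer);
    return "bad-password";
  }
  throttle.recordSuccess(req.peer);
  return approvedDevices.has(req.deviceId) ? "ok" : "needs-approval";
}
```

A `needs-approval` result is where a human-in-the-loop confirmation of the new device would sit before it is added to the approved set.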