Data Leakage

OpenClaw Patches ‘ClawJacked’ Takeover Flaw as Ecosystem Faces Ongoing Security Threats

A localhost WebSocket trust gap let attacker websites brute‑force the gateway password, with version 2026.2.25 closing the hole.