A high-severity security vulnerability, dubbed 'ClawJacked', was discovered in the OpenClaw AI agent framework, allowing malicious websites to take control of local instances and steal data. The flaw, identified by Oasis Security, enables attackers to brute-force the gateway password or leverage trusted local traffic protocols, gaining admin-level access without any user awareness. OpenClaw quickly released a patch (version 2026.2.26) to address the issue. Developers are advised to update their instances and audit AI tool permissions. The incident underscores the need for strict governance around AI agents.
ClawJacked flaw in OpenClaw AI lets attackers take admin control
Primary Source: oasis.security
Article by CyberSIXT