'A human-chosen password doesn't stand a chance': OpenClaw has yet another major security flaw — here's what we know about "ClawJacked"
techradar.com
- Oasis security researchers find a high-severity flaw in OpenClaw AI agent
- Exploit allowed malicious websites to brute-force local gateway authentication and gain full control
- Vulnerability patched within 24 hours; users urged to upgrade to version 2026.2.25 or later
OpenClaw, the hugely popular open source AI agent platform, contained a high-severity flaw that allowed threat actors to steal sensitive data from target computers with relative ease, experts have warned.
The bug was discovered by security researchers at Oasis and was patched following responsible disclosure.
For those unfamiliar with OpenClaw, it is an AI agent that users install on their computers and interact with through a web dashboard or terminal. The tool connects to calendars and messaging apps, and can respond to emails, set up calendar events, and more. It is currently one of the most popular AI projects, with more than 100,000 stars on GitHub ...
Copyright of this story solely belongs to techradar.com.

