
ClawJacked Vulnerability Allows Unauthorized Access to OpenClaw Gateway
The vulnerability, named ClawJacked, allows a malicious website to connect from a browser to a WebSocket that the OpenClaw gateway exposes on localhost. Attackers can then use brute force to gain administrator access, which enables theft of credentials and data or execution of commands on paired devices. The flaw specifically exploits WebSockets running on the local machine and requires no prior authentication. The report mentions no CVE ID, specific affected versions, or exact dates. The primary impact is unauthorized control over OpenClaw and potential compromise of connected systems.
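
Two server-side checks relevant to this attack path, as an added example that is not OpenClaw's code or its fix: browsers do not apply the same-origin policy to WebSocket connections, so a localhost service has to validate the `Origin` header itself, and it has to throttle failed logins without keying on client IP. The allowed origin, thresholds and all function names are assumptions made for illustration.

```javascript
// Added example with hypothetical names; not taken from OpenClaw.
// Assumption: the only web UI allowed to talk to the local service.
const ALLOWED_ORIGINS = new Set(["http://localhost:8080"]);

// Browsers attach Origin to every WebSocket handshake a page starts, so a
// foreign value means some other website is driving the connection.
// Header names are lower-cased, as Node's http module delivers them.
function originAllowed(headers) {
  const origin = headers["origin"];
  if (origin === undefined) return true; // native client; must still authenticate
  return ALLOWED_ORIGINS.has(origin);
}

// One global counter: every local connection arrives from the same loopback
// address, so per-IP limits (or a localhost exemption) would not slow guessing.
class AuthThrottle {
  constructor(maxFailures, lockoutMs) {
    this.maxFailures = maxFailures;
    this.lockoutMs = lockoutMs;
    this.failures = 0;
    this.lockedUntil = 0;
  }

  // Returns "ok", "denied" or "locked". While locked, even a correct guess is
  // refused, so the lockout window gives a guesser no feedback.
  attempt(guess, secret, nowMs) {
    if (nowMs < this.lockedUntil) return "locked";
    if (guess === secret) {
      this.failures = 0;
      return "ok";
    }
    this.failures += 1;
    if (this.failures >= this.maxFailures) {
      this.failures = 0;
      this.lockedUntil = nowMs + this.lockoutMs;
    }
    return "denied";
  }
}

// Replays a constructed handshake plus a list of guesses sent 10 ms apart.
function replay(headers, guesses, secret, throttle) {
  if (!originAllowed(headers)) return { accepted: false, results: [] };
  const results = guesses.map((g, i) => throttle.attempt(g, secret, i * 10));
  return { accepted: true, results };
}
```
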