Warning: OpenClaw Gateway has a high-risk vulnerability; upgrade to version 2026.2.25 or higher immediately
Mar 2, 2026 12:38:59
GoPlus Chinese Community has issued a warning about a critical vulnerability in OpenClaw Gateway. Users should upgrade to version 2026.2.25 or higher immediately, then audit and revoke any unnecessary credentials, API keys, and node permissions granted to Agent instances.
According to the analysis, OpenClaw runs a WebSocket Gateway bound to localhost that serves as the core coordination layer for the Agent and is a critical component of OpenClaw. The attack targets the Gateway layer and requires only one condition: the user opens a malicious website controlled by the attacker in their browser. Binding to localhost does not prevent this, because a page's JavaScript can open a WebSocket to 127.0.0.1 and browsers do not enforce a same-origin check on WebSocket handshakes; the server itself has to validate the Origin header and limit password attempts. The complete attack chain is:

1. The victim visits a malicious website controlled by the attacker in their browser.
2. JavaScript on the page initiates a WebSocket connection to the OpenClaw Gateway on localhost.
3. The attack script then brute-forces the gateway password at hundreds of attempts per second.
4. Once the password is cracked, the script silently registers itself as a trusted device.
5. The attacker gains administrator-level control over the Agent.
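The following is an added example, not code from OpenClaw or from the GoPlus analysis. It models the attack chain above as a small simulation: a stand-in gateway with a password handshake and device registration, and a "malicious page" script that opens a connection and walks a wordlist. The same attack is run against three hypothetical configurations (no Origin check and unlimited guesses; guess cap only; Origin allowlist plus guess cap) so the effect of each control is visible. The class and function names, the origins, the secret and the wordlist are all constructed for the demo.

```javascript
// Constant-time string comparison so the password check itself does not leak
// which prefix of a guess was correct (length is still revealed; acceptable here).
function passwordMatches(guess, secret) {
  if (guess.length !== secret.length) return false;
  let diff = 0;
  for (let i = 0; i < guess.length; i++) {
    diff |= guess.charCodeAt(i) ^ secret.charCodeAt(i);
  }
  return diff === 0;
}

// Minimal stand-in for a localhost-bound WebSocket gateway's auth handshake.
// Hypothetical design, not OpenClaw's implementation.
class Gateway {
  constructor({ password, allowedOrigins = null, maxFailures = Infinity }) {
    this.password = password;
    this.allowedOrigins = allowedOrigins; // null = accept any Origin header
    this.maxFailures = maxFailures;       // Infinity = unlimited guesses
    this.failures = new Map();            // Origin -> failed guesses so far
    this.trustedDevices = new Set();      // devices registered after auth
  }

  // Step 2 of the chain: the HTTP Upgrade. Browsers attach an Origin header to
  // every WebSocket handshake but do not enforce same-origin on it, so binding
  // to 127.0.0.1 alone does not keep web pages out; the server must reject
  // origins it does not recognise.
  acceptUpgrade(origin) {
    return this.allowedOrigins === null || this.allowedOrigins.has(origin);
  }

  // Steps 3-4: password check, then device registration on success.
  // Returns 'ok', 'bad-password' or 'locked'.
  authenticate(origin, deviceId, guess) {
    const failed = this.failures.get(origin) || 0;
    if (failed >= this.maxFailures) return 'locked';
    if (passwordMatches(guess, this.password)) {
      this.trustedDevices.add(deviceId);
      return 'ok';
    }
    this.failures.set(origin, failed + 1);
    return 'bad-password';
  }
}

// The malicious page's script: open a socket, then try every wordlist entry.
function bruteForce(gateway, origin, wordlist) {
  if (!gateway.acceptUpgrade(origin)) {
    return { result: 'origin-rejected', attempts: 0 };
  }
  let attempts = 0;
  for (const guess of wordlist) {
    attempts += 1;
    const verdict = gateway.authenticate(origin, 'attacker-device', guess);
    if (verdict === 'ok') return { result: 'cracked', attempts };
    if (verdict === 'locked') return { result: 'locked-out', attempts };
  }
  return { result: 'exhausted', attempts };
}

// Run the same attack against three configurations and report the outcomes.
function runScenarios() {
  const secret = 'pass1337';                                           // constructed
  const wordlist = Array.from({ length: 2000 }, (_, i) => `pass${i}`); // constructed
  const evilOrigin = 'https://attacker.example';                       // constructed
  const ownOrigin = 'http://127.0.0.1:8080';                           // hypothetical UI origin

  const weak = new Gateway({ password: secret });
  const throttled = new Gateway({ password: secret, maxFailures: 5 });
  const hardened = new Gateway({
    password: secret,
    allowedOrigins: new Set([ownOrigin]),
    maxFailures: 5,
  });

  return {
    weak: {
      ...bruteForce(weak, evilOrigin, wordlist),
      trusted: weak.trustedDevices.has('attacker-device'),
    },
    throttled: bruteForce(throttled, evilOrigin, wordlist),
    hardened: bruteForce(hardened, evilOrigin, wordlist),
  };
}

console.log(JSON.stringify(runScenarios(), null, 2));
```

In the weak configuration the wordlist walk succeeds and the attacker's device lands in the trusted set, which is the end state the advisory describes. The guess cap alone stops this run, but note that in the real browser scenario every connection arrives from 127.0.0.1, so an IP-keyed counter cannot tell the malicious page from the user's own client; the Origin allowlist is the control that actually keeps the page out, and a failure counter keyed by Origin (as here) is an assumption of this model. Registering a new trusted device should additionally require explicit confirmation from the user rather than follow automatically from a correct password.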