GoPlus: OpenClaw Gateway has a high-risk vulnerability; upgrade to version 2026.2.25 or higher immediately
The GoPlus Chinese community has issued a warning that the OpenClaw Gateway has a high-risk vulnerability. Users should upgrade to version 2026.2.25 or higher immediately, then audit and revoke unnecessary credentials, API keys, and node permissions granted to Agent instances.
The analysis states that OpenClaw operates through a WebSocket Gateway bound to localhost, which serves as the core coordination layer for the Agent and is an important component of OpenClaw. The attack targets vulnerabilities in the Gateway layer and requires only one condition: the user visits a malicious website controlled by the attacker in their browser.
The complete attack chain is as follows: 1. The victim visits a malicious website controlled by the attacker in their browser; 2. JavaScript on the page initiates a WebSocket connection to the OpenClaw gateway on localhost; 3. The attack script then attempts to brute-force the gateway password hundreds of times per second; 4. Once the password is cracked, the attack script silently registers as a trusted device; 5. The attacker gains administrator-level control over the Agent.
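Two gateway-side checks that break steps 2 and 3 of this chain, shown as an added JavaScript example that is not OpenClaw's code or its actual fix: an Origin allow-list on the WebSocket handshake, and a failed-password lockout that also covers loopback connections. The function names, the limits and the allowed origin are assumptions made for illustration.

```javascript
// Added example; createGate, guessesEvaluated, the limits and the origin
// below are hypothetical and constructed, not taken from OpenClaw.
const ALLOWED_ORIGINS = new Set(["http://127.0.0.1:8080"]); // constructed

function createGate({ allowedOrigins = ALLOWED_ORIGINS, maxFailures = 5,
                      windowMs = 60000, lockoutMs = 300000 } = {}) {
  let failures = [];   // timestamps (ms) of recent failed password attempts
  let lockedUntil = 0; // no password is evaluated before this time

  // Chain step 2: a browser attaches an Origin header to every WebSocket
  // handshake and page script cannot change it, so a foreign page is
  // recognisable before any password is read.
  function checkHandshake(headers) {
    const origin = headers["origin"];
    if (origin === undefined) return { ok: true, reason: "non-browser client" };
    if (allowedOrigins.has(origin)) return { ok: true, reason: "trusted origin" };
    return { ok: false, reason: "cross-origin browser connection" };
  }

  // Chain step 3: the counter is global rather than keyed by client address,
  // because every connection in this chain arrives from the loopback address.
  function checkAuth(passwordOk, now) {
    if (now < lockedUntil) return { ok: false, reason: "locked out" };
    if (passwordOk) { failures = []; return { ok: true, reason: "authenticated" }; }
    failures = failures.filter((t) => now - t < windowMs);
    failures.push(now);
    if (failures.length >= maxFailures) lockedUntil = now + lockoutMs;
    return { ok: false, reason: "bad password" };
  }
  return { checkHandshake, checkAuth };
}

// Replays a constructed burst of wrong guesses and counts how many the
// gateway actually compared against the password.
function guessesEvaluated(gate, ratePerSec, seconds) {
  let evaluated = 0;
  for (let i = 0; i < ratePerSec * seconds; i++) {
    const now = Math.floor((i * 1000) / ratePerSec);
    if (gate.checkAuth(false, now).reason === "bad password") evaluated++;
  }
  return evaluated;
}

const gate = createGate();
console.log(gate.checkHandshake({ origin: "https://attacker.example" }));
console.log(guessesEvaluated(gate, 200, 10));
```

A client that sends no Origin header is treated as a non-browser client and still has to pass the password check, so the lockout remains the backstop for anything the handshake check lets through.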