Any Website Can Take Full Control of Your OpenClaw Agent (Oasis) (www.oasis.security)

Oasis Security researchers have uncovered a critical vulnerability in OpenClaw, a rapidly growing open-source AI agent that enables developers to automate tasks across their devices. This flaw, classified as high severity, allows any website to gain full control of a developer's OpenClaw instance without requiring user interaction. The vulnerability stems from the OpenClaw gateway's reliance on localhost connections for its WebSocket server, allowing attackers to brute-force passwords without rate limits. The attackers can then silently register as trusted devices, leading to unauthorized access and the ability to execute commands or exfiltrate sensitive information. This incident highlights significant security implications for the growing adoption of shadow AI tools, which often operate outside the oversight of IT departments. Organizations using OpenClaw are urged to update to version 2026.2.25 or later to mitigate risks. Additionally, the situation emphasizes the need for visibility and governance over AI agents, requiring organizations to audit permissions, control access, and establish policies that safeguard against unauthorized actions by these increasingly prevalent AI assistants. As developers integrate AI tools into their workflows, ensuring robust security frameworks becomes essential to protect sensitive data and system integrity.