GoPlus: OpenClaw Gateway currently has a high-risk vulnerability, please upgrade to version 2026.2.25 or higher immediately

By: rootdata|2026/03/02 13:43:44

0

Share

copy

GoPlus Chinese community issues a warning, the OpenClaw Gateway has a high-risk vulnerability. Please upgrade to version 2026.2.25 or higher immediately, audit and revoke unnecessary credentials, API keys, and node permissions granted to Agent instances.

The analysis states that OpenClaw operates through a WebSocket Gateway bound to the localhost, which serves as the core coordination layer for the Agent and is an important component of OpenClaw. This attack targets the vulnerabilities in the Gateway layer, requiring only one condition: the user visits a malicious website controlled by hackers in their browser.

The complete attack chain is as follows: 1. The victim visits a malicious website controlled by the attacker in their browser; 2. JavaScript on the page initiates a WebSocket connection to the OpenClaw gateway on the localhost; 3. Subsequently, the attack script attempts to brute-force the gateway password hundreds of times per second; 4. Upon successful cracking, the attack script silently registers as a trusted device; 5. The attacker gains administrator-level control over the Agent.

You may also like

Kalshi early employees: Whoever controls the traffic controls the market

Kalshi early employees: Whoever controls the traffic controls the market

Robinhood can decide where tens of millions of contracts go with the flip of a switch, while the exchanges do all the hard work but cannot control their own fate.

Tether signs contracts with four major audits, Circle's compliance moat collapses, stock price plummets by 20%

Tether signs contracts with four major audits, Circle's compliance moat collapses, stock price plummets by 20%

USDT, with a market value of 184 billion dollars, is undergoing its first comprehensive inspection in history.

Proudly Introducing Aethir Claw: Your AI Agent, Our Infrastructure

Proudly Introducing Aethir Claw: Your AI Agent, Our Infrastructure

Explore Aethir Claw, an easy-to-deploy AI agent solution that offers fully isolated VPS, encrypted payments, and highly competitive pricing.

Why Buying Gold Can Lead to Bankruptcy

Why Buying Gold Can Lead to Bankruptcy

"There is no issue with 'buying gold,' the issue is 'buying whose gold.'"

If the US Treasury yield rises above 5%, will Bitcoin drop below $50,000?

If the US Treasury yield rises above 5%, will Bitcoin drop below $50,000?

During the US-Iran war, as the bond market exhibited a **"meltdown"** scenario, Bitcoin's upward momentum is showing signs of exhaustion.

Circle Plunges 20%: Crypto Earthquake Triggered by Draft Proposal

Circle Plunges 20%: Crypto Earthquake Triggered by Draft Proposal

Compliance gave Circle both a suit of armor and a ball and chain.

After the Smoke Clears: 5 Possible Endings to the Middle East Conflict

After the Smoke Clears: 5 Possible Endings to the Middle East Conflict

The Crown Prince in Exile for Half a Century, Set to Return to Tehran?

Stablecoin Yields Discontinued, Circle Plunges 20% in One Day

Stablecoin Yields Discontinued, Circle Plunges 20% in One Day

Tightening Regulations and Increased Competition Lead Market to Reassess Stablecoin Business Models

AI Wired into War Machine | Rewire News Nightly

AI Wired into War Machine | Rewire News Nightly

Anduril and Palantir are collaborating on the development of the core software for the Golden Dome anti-missile system, with a project budget of $18.5 billion.

Web3 is sick, but the cure is not AI

Web3 is sick, but the cure is not AI

Encryption may have wasted too many years, and the current AI anxiety is merely a stress response of an industry that has overdrawn its narrative after facing external shocks.

Why must Web3 projects be included in RootData?

Why must Web3 projects be included in RootData?

Behind the wave of exchanges delisting and the tightening of coin listing reviews, the "information transparency" of projects is becoming a key threshold that determines whether they can be seen and trusted.

Fluid Announces Updates on Resolv Hack Recovery and Compensation Plan

Fluid Announces Updates on Resolv Hack Recovery and Compensation Plan

Key Takeaways Fluid has repaid approximately $70 million related to USR debts on the BNB and Plasma chains.…

Binance to Delist Key Spot Trading Pairs: What You Need to Know

Binance to Delist Key Spot Trading Pairs: What You Need to Know

Key Takeaways Binance is set to remove several spot trading pairs on March 27, 2026, at 11:00 AM…

Whale Activities in the Crypto Market: A Deep Dive into Recent Trends

Whale Activities in the Crypto Market: A Deep Dive into Recent Trends

Key Takeaways A significant whale deposit occurred 3 hours ago when 5.5 million USDT was moved to Binance…

Circle and Tether Freeze Iranian Exchange Wallex Wallet with $2.49M Assets on Hold

Circle and Tether Freeze Iranian Exchange Wallex Wallet with $2.49M Assets on Hold

Key Takeaways Circle and Tether have frozen a significant amount of assets from an Iranian exchange called Wallex,…

James Wynn Engages in High-Leverage Bitcoin Short Position

James Wynn Engages in High-Leverage Bitcoin Short Position

Key Takeaways James Wynn recently opened a 40x leveraged short position on Bitcoin. His position involves 2.69 BTC,…

Major Whale Opens Significant 20x Leveraged Positions in ETH and BTC

Major Whale Opens Significant 20x Leveraged Positions in ETH and BTC

Key Takeaways Whale 0x049b has executed large 20x leverage positions on 9,256 ETH and 282.47 BTC, totaling over…

New Whale Activity: 33,998 ETH Withdrawn from Kraken

New Whale Activity: 33,998 ETH Withdrawn from Kraken

Key Takeaways A new Ethereum whale with the address starting 0xD77 has withdrawn 33,998 ETH from Kraken. The…

Kalshi early employees: Whoever controls the traffic controls the market

Robinhood can decide where tens of millions of contracts go with the flip of a switch, while the exchanges do all the hard work but cannot control their own fate.

Tether signs contracts with four major audits, Circle's compliance moat collapses, stock price plummets by 20%

USDT, with a market value of 184 billion dollars, is undergoing its first comprehensive inspection in history.

Proudly Introducing Aethir Claw: Your AI Agent, Our Infrastructure

Explore Aethir Claw, an easy-to-deploy AI agent solution that offers fully isolated VPS, encrypted payments, and highly competitive pricing.

Why Buying Gold Can Lead to Bankruptcy

"There is no issue with 'buying gold,' the issue is 'buying whose gold.'"

If the US Treasury yield rises above 5%, will Bitcoin drop below $50,000?

During the US-Iran war, as the bond market exhibited a **"meltdown"** scenario, Bitcoin's upward momentum is showing signs of exhaustion.

Circle Plunges 20%: Crypto Earthquake Triggered by Draft Proposal

Compliance gave Circle both a suit of armor and a ball and chain.

Popular coins

Latest Crypto News

07:42

Mizuho: Mastercard is expected to become a connection layer between cryptocurrency and fiat currency after acquiring BVNK

Investment bank Mizuho stated that after acquiring the stablecoin infrastructure company BVNK, Mastercard is expected to become a "network connector" linking crypto assets with fiat currency systems, further expanding its payment ecosystem.Analysis indicates that stablecoins will not undermine Maste...

07:42

The UK plans to suspend political donations in cryptocurrency, with the Prime Minister stating it is to prevent the risk of illegal funding

UK Prime Minister Keir Starmer stated that the government plans to suspend political donations to parties via cryptocurrency to address the risks of illegal funding flows and potential foreign interference.Starmer pointed out during a parliamentary inquiry that the measure will be introduced as part...

06:42

Milan: Very optimistic about stablecoins, will increase investment in the dollar ecosystem

According to Jinshi reports, Federal Reserve Governor Milan expressed optimism about stablecoins and will invest more funds into the dollar ecosystem.

06:42

The probability of the Federal Reserve keeping interest rates unchanged in April is as high as 94.8%

According to Jinshi reports, CME's "Fed Watch" shows that the probability of the Federal Reserve raising interest rates by 25 basis points in April is 5.2%, while the probability of keeping rates unchanged is as high as 94.8%. In addition, the probability of the Federal Reserve cumulatively raising ...

06:42

Data: 2500 ETH transferred from Independent Reserve, worth approximately 5.4 million USD

According to Arkham data, at 06:20, 2,500 ETH (worth approximately $5.4 million) was transferred from Independent Reserve to an anonymous address (starting with 0x95ca...).