
If you are running openclaw, make sure you are updated.

themarkymark

Published: 04 Mar 2026 › Updated: 04 Mar 2026


Openclaw v2026.2.25 patches a major vulnerability that can allow malicious websites to hijack local AI agents.

The gist of it is this:

  • Openclaw visits website
  • JavaScript opens connection to gateway via WebSockets
  • The gateway token is brute forced
  • Remote site registers itself as a trusted device
  • Game Over Man

This of course requires your gateway to be exposed to the Internet, which none of you are doing, right? RIGHT?

You can read more about the vulnerability here

You can enable auto updates in your openclaw.json configuration if you want to auto update.

Just add this section to your openclaw.json file. I like to have it up top, right after "wizard", as it is most appropriate there.

  "update": {
    "channel": "stable",
    "checkOnStart": false,
    "auto": {
      "enabled": true,
      "stableDelayHours": 6,
      "stableJitterHours": 12,
      "betaCheckIntervalHours": 1
    }
  },
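
As an added example (not from the original post or the OpenClaw project), this Python check flags a version older than v2026.2.25 and an openclaw.json that lacks the auto-update block above. It assumes the file is strict JSON and that you supply the installed version string yourself; `parse_version` and `audit` are names made up for this example.

```python
import json
import re

PATCHED = (2026, 2, 25)  # fixed release named in the post


def parse_version(text):
    """Turn 'v2026.2.25' or '2026.2.25' into a tuple of ints."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(p) for p in m.groups())


def audit(version, config_text):
    """Return a list of findings; an empty list means nothing to fix."""
    findings = []
    # Compare numerically: as plain strings '2026.2.9' sorts after '2026.2.25'.
    if parse_version(version) < PATCHED:
        findings.append(f"{version} is older than v2026.2.25: update now")
    try:
        config = json.loads(config_text)  # assumption: strict JSON, no comments
    except json.JSONDecodeError as exc:
        return findings + [f"config is not valid JSON: {exc.msg}"]
    update = config.get("update") if isinstance(config, dict) else None
    if not isinstance(update, dict):
        return findings + ['no "update" section: auto update not configured']
    auto = update.get("auto")
    if not isinstance(auto, dict) or auto.get("enabled") is not True:
        findings.append('"update.auto.enabled" is not true')
    return findings


# Constructed sample inputs, not taken from a real installation.
SAMPLE_OLD = '{"wizard": {}}'
SAMPLE_GOOD = """{
  "wizard": {},
  "update": {"channel": "stable", "checkOnStart": false,
             "auto": {"enabled": true, "stableDelayHours": 6,
                      "stableJitterHours": 12, "betaCheckIntervalHours": 1}}
}"""

if __name__ == "__main__":
    for ver, cfg in (("v2026.2.9", SAMPLE_OLD), ("v2026.2.25", SAMPLE_GOOD)):
        print(ver, audit(ver, cfg) or "ok")
```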

Are you using openclaw?

If so, say something in the comments. I thought about posting some tips on using openclaw as I get deeper into it.

If you are using it, what are you using it for?
