GoPlus: OpenClaw Gateway currently has a high-risk vulnerability, please upgrade to version 2026.2.25 or higher immediately
By: rootdata|2026/03/02 13:43:44
0
Share
GoPlus Chinese community issues a warning, the OpenClaw Gateway has a high-risk vulnerability. Please upgrade to version 2026.2.25 or higher immediately, audit and revoke unnecessary credentials, API keys, and node permissions granted to Agent instances.
The analysis states that OpenClaw operates through a WebSocket Gateway bound to the localhost, which serves as the core coordination layer for the Agent and is an important component of OpenClaw. This attack targets the vulnerabilities in the Gateway layer, requiring only one condition: the user visits a malicious website controlled by hackers in their browser.
The complete attack chain is as follows: 1. The victim visits a malicious website controlled by the attacker in their browser; 2. JavaScript on the page initiates a WebSocket connection to the OpenClaw gateway on the localhost; 3. Subsequently, the attack script attempts to brute-force the gateway password hundreds of times per second; 4. Upon successful cracking, the attack script silently registers as a trusted device; 5. The attacker gains administrator-level control over the Agent.
You may also like
a16z founder's Stanford lecture: Whenever Wall Street and Silicon Valley have different ideas, it's Wall Street that ends up being wrong
Ben Horowitz, co-founder of a16z, delivered a powerful talk: The two traditional moats of software in the AI era have been erased, and entrepreneurs must seek "new barriers" beyond code and UI.
Michael Saylor: After three consecutive quarters of losses, Strategy will sell Bitcoin to pay dividends
After MSTR's financial report showed continued net losses, Saylor changed his stance: Bitcoin is no longer "never to be sold" and can be used as a payment tool.
The toll station at Hormuz and the RMB that cannot be bought
The disorder of the US dollar is giving rise to a new situation in global settlement: gold is being redefined as a "bridge," the CIPS system is expanding rapidly, and global funds are quietly opening up a new channel for the renminbi, which is "hard to obtain."
Interview with Coinbase Institutional's Strategic Head: The Institutionalization of Crypto Reaches a Critical Point
Coinbase executives provide an in-depth analysis: Unfazed by short-term market panic, institutions are accelerating their entry, and tokenization along with the "exchange of everything" is about to completely reconstruct the global financial infrastructure.
Dialogue with Agora CEO Nick: The battle for stablecoin licenses has just begun
Agora strikes: officially applies for a federal trust bank license in the United States, elevating from a stablecoin issuer to "underlying financial infrastructure," targeting the trillion-dollar enterprise payment and B2B settlement market.
Morning Report | a16z Crypto completes $2.2 billion fundraising for its fifth fund; Bullish invests $4.2 billion to acquire share transfer agency Equiniti; PayPal's Q1 performance exceeds expectations
Overview of Important Market Events on May 5th
a16z Crypto: What We See Behind the $2.2 Billion New Fund
After the noise subsides, what remains is often more useful than it appeared at its peak and more enduring than it seemed at its lowest point.
Web3 is dead, Web2+3 should rise
We are not aiming to hold a self-indulgent party for Web3 practitioners, but rather to build a bridge for rational connection between Web2 and Web3.
Stablecoins and Latin American Remittances: The Misunderstood $174 Billion Market
In the Latin American remittance market, the real protagonists have never been the young people speculating on cryptocurrencies, but rather the 50-year-old workers who send money to their mothers every month. They don't care about blockchain; they only care about whether the money has arrived.
The arrival of the Web 3.0 era: A review of Hong Kong court rulings on digital assets
Hong Kong judiciary landmark: The court officially recognizes cryptocurrency as legal property and introduces the "tokenized injunction" to track and freeze involved funds, comprehensively upgrading the protection of digital asset investors.
Track Markets At a Glance: New WEEX Price Widgets for iOS & Android
To streamline your market data access, WEEX has officially launched "Market Watchlist" desktop widgets
The billion-dollar lesson: The focus of DeFi security is shifting from code to operational governance
Warning of nearly $1 billion loss in DeFi: Security pain points have shifted from code vulnerabilities to permissions and operations. Introducing TradFi bank-level risk control and AI defenses is the way to balance openness and security.
A Brief Analysis of Stablecoin Licenses and On-Chain Funding
Hong Kong accelerates the layout of digital finance, providing a panoramic analysis of the evolution of three major on-chain financial forms: central bank digital currency, deposit tokens, and stablecoins, along with future opportunities.
BVNK Founder: Three Stages of Stablecoin Development
Once payments become faster, cheaper, and globally interconnected, stablecoins will not just open up a new market, but a new realm with boundaries that are not yet visible today.
The truth about Trump's son's Bitcoin game: he made a staggering $100 million while retail investors lost $500 million
The Trump family has a family skill: to exaggerate and make something sound bigger than it actually is.
What Is Futures Trading? Hours, Platforms, and How to Start Trade Futures(2026 Guide)
Learn how to start futures trading, understand trading hours, and choose the best futures trading platform. Includes real data, strategies, and ways to maximize returns with rebates.
The Rise of Composable RWA
27 billion RWA funds are undergoing a major reshuffle: U.S. Treasury bonds are "cooling off," while high-yield credit assets are quietly dominating the DeFi lending market with permissionless designs. This article reveals the explosive logic behind composable RWA.
MAGA Up 350% in 24 Hours, PEPE Up 46% in One Day: Which Memecoins Are Next in 2026?
MAGA +350% in 24hrs. PEPE +46% in one day. RAVE +4,500% then -90%. In 2026's memecoin market, the gains are real. So are the traps? Here's how to tell the difference before you buy.
a16z founder's Stanford lecture: Whenever Wall Street and Silicon Valley have different ideas, it's Wall Street that ends up being wrong
Ben Horowitz, co-founder of a16z, delivered a powerful talk: The two traditional moats of software in the AI era have been erased, and entrepreneurs must seek "new barriers" beyond code and UI.
Michael Saylor: After three consecutive quarters of losses, Strategy will sell Bitcoin to pay dividends
After MSTR's financial report showed continued net losses, Saylor changed his stance: Bitcoin is no longer "never to be sold" and can be used as a payment tool.
The toll station at Hormuz and the RMB that cannot be bought
The disorder of the US dollar is giving rise to a new situation in global settlement: gold is being redefined as a "bridge," the CIPS system is expanding rapidly, and global funds are quietly opening up a new channel for the renminbi, which is "hard to obtain."
Interview with Coinbase Institutional's Strategic Head: The Institutionalization of Crypto Reaches a Critical Point
Coinbase executives provide an in-depth analysis: Unfazed by short-term market panic, institutions are accelerating their entry, and tokenization along with the "exchange of everything" is about to completely reconstruct the global financial infrastructure.
Dialogue with Agora CEO Nick: The battle for stablecoin licenses has just begun
Agora strikes: officially applies for a federal trust bank license in the United States, elevating from a stablecoin issuer to "underlying financial infrastructure," targeting the trillion-dollar enterprise payment and B2B settlement market.
Morning Report | a16z Crypto completes $2.2 billion fundraising for its fifth fund; Bullish invests $4.2 billion to acquire share transfer agency Equiniti; PayPal's Q1 performance exceeds expectations
Overview of Important Market Events on May 5th
Popular coins
Latest Crypto News
Customer Support:@weikecs
Business Cooperation:@weikecs
Quant Trading & MM:bd@weex.com
VIP Program:support@weex.com
