GoPlus: OpenClaw Gateway currently has a high-risk vulnerability, please upgrade to version 2026.2.25 or higher immediately

By: rootdata|2026/03/02 13:43:44

GoPlus Chinese community issues a warning, the OpenClaw Gateway has a high-risk vulnerability. Please upgrade to version 2026.2.25 or higher immediately, audit and revoke unnecessary credentials, API keys, and node permissions granted to Agent instances.

The analysis states that OpenClaw operates through a WebSocket Gateway bound to the localhost, which serves as the core coordination layer for the Agent and is an important component of OpenClaw. This attack targets the vulnerabilities in the Gateway layer, requiring only one condition: the user visits a malicious website controlled by hackers in their browser.

The complete attack chain is as follows: 1. The victim visits a malicious website controlled by the attacker in their browser; 2. JavaScript on the page initiates a WebSocket connection to the OpenClaw gateway on the localhost; 3. Subsequently, the attack script attempts to brute-force the gateway password hundreds of times per second; 4. Upon successful cracking, the attack script silently registers as a trusted device; 5. The attacker gains administrator-level control over the Agent.

As the industrialization capability of AI video matures, the "industrialization singularity" of AI content creation has arrived. Tools like OpenAI, Google Veo, and Runway have achieved controllable creation, significantly lowering the barriers to content production. AI content creators are emerging ...

Tron Industry Weekly Report: Geopolitical Turmoil Escalates, BTC Continues to Test $60,000, Detailed Explanation of the Protocol Konnex for AI Autonomous Collaboration and Settlement on the Chain

TRON Industry Weekly Report

From CTA to AI: The Evolution of Adaptive Quant Strategies in Crypto Markets

Explore how an LLM-powered AI market-neutral trading strategy achieved a 2.75 Sharpe ratio with controlled drawdown. Inside crypto_trade’s adaptive hedging system at the WEEX AI Trading Hackathon.

How 30+ Global Sponsors Powered WEEX AI Trading Hackathon Into a $1.88M Carnival

Discover how 30+ global sponsors including AWS helped power the $1.88M WEEX AI Trading Hackathon, turning AI strategies into live crypto market competition.

Key Market Information Discrepancy on March 2nd - A Must-See! | Alpha Morning Report

1. Top News: Last Night's US-Iran Situation Recap, Iranian High-ranking Officials Killed, Over 200 Ships Stranded in the Strait of Hormuz 2. Token Unlock: $ENA

Iran Missile Strike in Dubai: Three Chinese Nationals Tell Their Story 48 Hours Later

The sound is still in the distance, so the days can still go on.

WLFI is involved in insider dealings again? The banking license controversy under a $500 million investment

The UAE's investment in World Liberty Financial has intensified concerns about whether it receives special treatment and whether it involves national security issues.

Morning News | Iranian Supreme Leader Khamenei Assassinated; Kalshi to Refund Fees for "Will Khamenei Step Down" Related Market; Bitcoin Spot ETF Sees Net Inflow of $787 Million This Week

Overview of Important Market Events on March 1

The harvesting tactics of the quantitative giant Jane Street

Quantitative giant Jane Street has been accused of manipulating the liquidity and derivatives of markets such as the Indian stock market and Bitcoin, earning billions of dollars in the process.

Cryptocurrency ETF Weekly | Last week, the net inflow for Bitcoin spot ETFs in the U.S. was $787 million; the net inflow for Ethereum spot ETFs in the U.S. was $80.2 million

Top universities like Harvard have started to allocate to Bitcoin ETFs in their endowment funds.

WLFI at it Again? Banking License Controversy Amid $500M Investment

The UAE's investment in World Liberty Financial has heightened concerns over whether it received special treatment and whether national security issues are involved

The Aave civil war escalates, Morpho quietly doubles: Is the lending throne about to change hands?

Wall Street asset management giant Apollo Global Management invested $160 million in Morpho.

Dune Stablecoin Research: The Flow and Demand of a $300 Billion Market

In the dataset, transfers are no longer simply labeled as pure "transaction volume," but are classified as different on-chain activities. This is the difference between "just knowing that $100 trillion has been transferred" and "understanding why it was transferred."

More brutal than a bear market, OpenClaw founder advises young people to stay away from crypto

This is not just a disdain for financial nihilism, but also a migration of talent, capital, and attention that is currently happening.