Tag

Websocket

All articles tagged with #websocket

security4 hours ago•6 min saved

ClawJacked WebSocket Flaw Lets Local OpenClaw AI Agents Be Hijacked

OpenClaw fixed a high-severity vulnerability, dubbed ClawJacked, that let a malicious website abuse a local WebSocket connection to a localhost OpenClaw gateway, brute-force its password, and auto-approve as a trusted device to gain full control over a locally running AI agent. A patch was released in version 2026.2.25 (Feb 26, 2026); users should update and audit access to AI agents. The story sits in a broader context of AI-agent attack surfaces, prior log-poisoning fixes (2026.2.13), related CVEs, and a surge in malicious skills on ClawHub, highlighting the need for isolation, governance, and vigilance against prompt injections.

via The Hacker News|

#ai-agents #cybersecurity #localhost

technology26 days ago•3 min saved

One-Click RCE Flaw Lets Attackers Hijack OpenClaw Gateways

OpenClaw faces a high-severity vulnerability (CVE-2026-25253, CVSS 8.8) that enables one-click remote code execution via a crafted malicious link by exfiltrating the gateway token through a cross-site WebSocket hijack, granting attacker control of the gateway API and the ability to run commands on the host; a fix is in version 2026.1.29 (Jan 30, 2026).

via The Hacker News|

#cve-2026-25253 #openclaw #remote-code-execution

technology2 years ago•0 min saved

"FreeRDP 3.0 Beta Enhances Authentication and Transport with AAD/AVD and WebSocket"

FreeRDP 3.0 Beta 1, the open-source Remote Desktop Protocol implementation, introduces AAD/AVD authentication, WebSocket transport, SmartCard authentication, SmartCard emulation support, rewritten proxy handling, and other improvements. The update also includes full OpenSSL 3 support, updated RDP protocol support, an in-development reference client, improved logging, and support for the graphics redirection channel. FreeRDP 3.0 Beta 1 is available for testing on GitHub.

via Phoronix|

#authentication #freerdp #open-source