Post #8332

🔥 A high-severity RCE flaw in OpenClaw lets attackers take over the local agent with a single click. A crafted link can steal a gateway token via unvalidated WebSocket origins, enabling full command execution even on localhost-only setups through the user’s browser. 🔗 Details and attack chain → https://thehackernews.com/2026/02/openclaw-bug-enables-one-click-remote.html