AI Pentest Tool Flaw Allows Agent Hijack
A promising AI pentesting tool that showcased a 96% success rate on an exploit benchmark is vulnerable to a classic attack. The OpenClaw AI agent framework it uses had a high-severity flaw, dubbed 'ClawJacked,' caused by missing rate limiting on its local API, allowing attackers to brute-force passwords and take full control of the agents.
The vulnerability, tracked as CVE-2026-25253, was discovered by researchers at Oasis Security. The flaw stemmed from the OpenClaw gateway's design, which implicitly trusted any connection originating from "localhost": a critical weakness that the tool's impressive performance benchmarks did nothing to offset.

An attacker could exploit this by getting a user to visit a malicious website. That site's JavaScript could then open a WebSocket connection to the local OpenClaw agent and, because rate limiting was disabled for localhost, brute-force the password at hundreds of attempts per second without any user alert. Once authenticated, the malicious script could silently register itself as a trusted device without user confirmation. This gave the attacker full control to interact with the AI agent, exfiltrate data from connected apps like Slack, read logs, and execute commands on the user's workstation. The
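To make the defensive point concrete, here is an added example (not OpenClaw's code; the gateway class, the allowed origin and the limits are assumptions): a hypothetical localhost gateway's password check in the weak form described above, beside a hardened form that refuses browser handshakes from unexpected Origins and rate-limits failed attempts per client.

```python
"""Added example, not OpenClaw's code: a localhost gateway's login check."""
import hmac
import time
from collections import defaultdict, deque

# A page-initiated WebSocket handshake always carries the page's Origin header,
# while native local clients normally send none. Only this origin is allowed
# to talk to the hypothetical gateway (constructed value).
ALLOWED_ORIGINS = {"http://localhost:18789"}


class LocalGateway:
    def __init__(self, password, max_attempts=5, window_s=60):
        self._password = password
        self.max_attempts = max_attempts      # failures allowed per window
        self.window_s = window_s              # sliding window in seconds
        self._failures = defaultdict(deque)   # client id -> failure timestamps

    def _is_limited(self, client, now):
        # Drop failures older than the window, then check the remaining count.
        q = self._failures[client]
        while q and now - q[0] > self.window_s:
            q.popleft()
        return len(q) >= self.max_attempts

    def authenticate_vulnerable(self, client, password):
        # The flawed pattern: localhost is trusted outright, the Origin header is
        # ignored and every attempt is checked, so guessing is only bounded by CPU.
        if client.startswith("127."):
            return hmac.compare_digest(password, self._password)
        return False

    def authenticate_hardened(self, headers, client, password, now=None):
        # Hardened pattern: reject foreign browser origins first, then apply the
        # per-client limit before the password is even compared.
        now = time.monotonic() if now is None else now
        origin = headers.get("Origin")
        if origin is not None and origin not in ALLOWED_ORIGINS:
            return "rejected_origin"
        if self._is_limited(client, now):
            return "rate_limited"
        if hmac.compare_digest(password, self._password):
            self._failures.pop(client, None)  # success clears the counter
            return "ok"
        self._failures[client].append(now)
        return "bad_password"
```

With the limit in place a page that guesses hundreds of times per second is locked out after `max_attempts` failures until the window expires, and the Origin check stops it before the first guess.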