PocketClaw vol. 1 · 2026

CVE-2026-25253

Critical 1-click remote code execution vulnerability in OpenClaw versions before 2026.2.10: visiting a malicious web page while OpenClaw is running is enough. CVSS 9.6.

OpenClaw exposed a WebSocket server on the local machine that did not validate the Origin header on incoming connections. Browsers attach an Origin header to every WebSocket handshake but do not enforce the same-origin policy on WebSocket connections (there is no CORS preflight), so rejecting untrusted origins is the server's job. Because OpenClaw never checked it, any website the user visited while OpenClaw was running could open a WebSocket to the local port and send tool execution commands, a cross-site WebSocket hijacking. Binding the listener to localhost offered no protection, since the connection came from the victim's own browser. With tool execution enabled by default, this resulted in remote code execution as the user running the OpenClaw process. Patched in 2026.2.10 (January 27, 2026).

Deeper reading

Related terms

OpenClaw
RCE (Remote Code Execution)

Found a definition that's wrong, dated or could be sharper? Email us — we update with attribution unless you'd rather we didn't.