GoPlus: OpenClaw Gateway Vulnerability Disclosure, Users Must Upgrade to version 2026.2.25 or higher

BlockBeats News, March 2nd, according to GoPlus monitoring, OpenClaw Gateway has a high-risk vulnerability, users need to upgrade to version 2026.2.25 or higher. At the same time, audit and revoke unnecessary credentials, API keys, and node permissions granted to proxy instances.

OpenClaw runs through a WebSocket Gateway bound to the localhost, which serves as the core coordination layer for the proxy and is a critical part of OpenClaw. This attack targets vulnerabilities in the Gateway layer to allow users to access malicious websites controlled by hackers through their browsers.