Chinese cybersecurity firm 360 has discovered a high-risk vulnerability in OpenClaw.

High-Risk OpenClaw Vulnerability Exposes 170K+ Instances Globally

Security researchers have uncovered a high-risk vulnerability in OpenClaw. The flaw, found by 360 Digital Security Group's multi-agent vulnerability mining system, lies in the MEDIA protocol. It lets an attacker bypass tool permissions and leak local files via prompt injection.


The vulnerability has been officially confirmed by CNNVD (China National Vulnerability Database of Information Security). It affects more than 170,000 publicly accessible OpenClaw instances across more than 50 countries and regions worldwide.

Here's why it's dangerous. The MEDIA protocol runs in the output post-processing layer, which sits outside the platform's tool policy controls and therefore bypasses them entirely. Even if an agent has every tool call disabled, an attacker with nothing more than ordinary group chat membership can use the flaw to exfiltrate sensitive files from the server, potentially opening the door to further attacks.
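The mechanism described above, reduced to an added example that is not OpenClaw's code: a reply post-processor that turns "MEDIA:" lines into file sends without ever consulting the tool policy, beside a hardened version that routes those lines through the same policy gate as a tool call and confines the path to an allowlisted media root. The tool name send_media, the "MEDIA:<path>" line format, the media root /srv/media and the sample model output are all assumptions made for illustration.

```typescript
import * as path from "path";

// Illustrative model of the weakness described in the article. The "send_media"
// tool, the MEDIA:<path> line convention and the sample output are assumptions
// made for this example, not OpenClaw's actual implementation.

interface ToolPolicy {
  // Tools the agent may invoke; an empty set means "all tool calls disabled".
  allowedTools: Set<string>;
}

// Constructed sample: what a model might emit after a prompt-injected group
// message asked it to "attach" a file from the host.
const SAMPLE_OUTPUT =
  "Sure, here is the file you asked for.\nMEDIA:/etc/hostname\nLet me know if you need more.";

const MEDIA_LINE = /^MEDIA:(.+)$/;

// Vulnerable pattern: the post-processor extracts every MEDIA: path and hands
// it to the sender verbatim. It never looks at the tool policy, so disabling
// tools does nothing to stop it. Returns the paths it would read and send.
function vulnerablePostProcess(output: string): string[] {
  const files: string[] = [];
  for (const line of output.split("\n")) {
    const m = MEDIA_LINE.exec(line);
    if (m) files.push(m[1].trim());
  }
  return files;
}

interface Processed {
  text: string;       // reply text with MEDIA: lines stripped
  files: string[];    // resolved paths approved for sending
  rejected: string[]; // requested paths that were blocked
}

// Hardened pattern: a MEDIA: line is treated as a "send_media" tool call, so it
// is subject to the same policy as every other tool, and the path is confined
// to the media root so both absolute paths and ../ traversal are rejected.
function hardenedPostProcess(output: string, policy: ToolPolicy, mediaRoot: string): Processed {
  const root = path.resolve(mediaRoot);
  const result: Processed = { text: "", files: [], rejected: [] };
  const kept: string[] = [];
  for (const line of output.split("\n")) {
    const m = MEDIA_LINE.exec(line);
    if (!m) {
      kept.push(line);
      continue;
    }
    const requested = m[1].trim();
    // Policy gate: an output-side attachment is a tool call, not free text.
    if (!policy.allowedTools.has("send_media")) {
      result.rejected.push(requested);
      continue;
    }
    // Path confinement: resolve against the root, then check it stayed inside.
    const resolved = path.resolve(root, requested);
    if (!resolved.startsWith(root + path.sep)) {
      result.rejected.push(requested);
      continue;
    }
    result.files.push(resolved);
  }
  result.text = kept.join("\n");
  return result;
}

// Demonstration with all tool calls disabled, as in the scenario above.
const noTools: ToolPolicy = { allowedTools: new Set<string>() };
console.log("vulnerable would send:", vulnerablePostProcess(SAMPLE_OUTPUT));
console.log("hardened result:", hardenedPostProcess(SAMPLE_OUTPUT, noTools, "/srv/media"));
```

The point of the hardened version is not the path check by itself but where the check lives: an attachment emitted in the model's output passes through the same gate as a tool invocation, so "all tools disabled" actually means no file leaves the host, and a prompt-injected MEDIA: line degrades to a logged rejection rather than an exfiltration.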
