360 Smart Agent detects high-risk OpenClaw vulnerability, potentially affecting 170,000 instances worldwide

金色财经_ · 2026-03-31T11:03:14+00:00

360 Digital Security Group's self-developed multi-agent collaborative vulnerability discovery system has identified critical vulnerabilities on the OpenClaw platform, affecting over 50 countries worldwide. 170,000 instances are at security risk, and attackers can exploit these vulnerabilities to bypass permissions and directly steal sensitive information.

金色财经_

2026-03-31 11:03:14

Abstract generation in progress

Golden Finance reports: On March 31, according to the Guoshi Direct Express, it was recently learned from 360 Digital Security Group that its independently developed 360 multi-agent coordinated vulnerability mining system has discovered a high-severity vulnerability on the OpenClaw platform—an MEDIA protocol prompt injection vulnerability that bypasses tool permissions and leads to local file exposure. The vulnerability has been officially confirmed by the National Information Security Vulnerability Database (CNNVD). It affects more than 50 countries and regions worldwide, and more than 170,000 publicly accessible OpenClaw instances face security risks. According to the report, the core risk of the vulnerability is that the MEDIA protocol operates in the post-processing layer after output, which can completely bypass the platform’s tool strategy controls. Even if the Agent disables all tool calls, an attacker can still launch the attack using only the permissions of ordinary members in a group chat, directly stealing sensitive information from the server and easily triggering subsequent network attacks.

View Original

This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.