金色财经
金色财经|Mar 31, 2026 04:43
[360 Intelligent System Discovers High-Risk Vulnerability in OpenClaw, Potentially Affecting 170,000 Instances Worldwide] Reported by Jinse Finance on March 31, citing Guoshi Direct, it was recently learned from 360 Digital Security Group that its independently developed 360 Multi-Agent Collaborative Vulnerability Detection System has discovered a high-risk vulnerability in the OpenClaw platform—MEDIA protocol prompt injection bypassing tool permissions and leaking local files. This vulnerability has been officially confirmed by the National Information Security Vulnerability Database (CNNVD), with its impact spanning over 50 countries and regions worldwide, putting more than 170,000 publicly accessible OpenClaw instances at security risk. According to the report, the core risk of this vulnerability lies in the fact that the MEDIA protocol operates at the post-output processing layer, completely bypassing platform tool policy controls. Even if the Agent disables all tool calls, attackers can initiate attacks with only basic group chat member permissions, directly stealing sensitive server information and easily triggering subsequent cyberattacks.
Share To

HotFlash

APP

X

Telegram

Facebook

Reddit

CopyLink

Hot Reads