- Over 170,000 publicly accessible OpenClaw instances face security risks, Qihoo 360 said.
- Qihoo 360 has provided technical support and remediation advice to developers.
Chinese cybersecurity firm Qihoo 360 has discovered a high-risk vulnerability in the OpenClaw platform, following the AI agent's emergence as a global hot topic.
The critical flaw is primarily located in the core media processing module of OpenClaw version 2026.3.13, according to Qihoo 360 security experts in a statement on Monday.
The flaw is described as a severe vulnerability involving a MEDIA protocol prompt injection that bypasses tool permissions to leak local files.
Its core risk lies in the fact that the MEDIA protocol operates at the system's post-output processing layer, a mechanism that allows the protocol to bypass the security restrictions of OpenClaw's platform tools.
Attackers can steal information stored on the target server using only basic member privileges in group chat channels.
The vulnerability affects more than 50 countries and regions worldwide, leaving over 170,000 publicly accessible OpenClaw instances exposed to security risks, Qihoo 360 said.
The security flaw has been officially confirmed by the China National Vulnerability Database of Information Security (CNNVD).
Qihoo 360 has completed the verification and testing of the vulnerability's attack chain, confirming its authenticity and exploitability, and has provided technical support and remediation advice to the developers, it said.
OpenClaw is an open-source AI project that has remained highly popular over the past few months, accumulating up to 340,000 stars on GitHub.
The discovery was made by the Qihoo's self-developed multi-agent collaborative vulnerability mining system, also known as the 360 Vulnerability Mining Agent.
