---
title: "AI TRENDS | High-Risk Vulnerability Discovered in OpenClaw Platform"
type: "News"
locale: "en"
url: "https://longbridge.com/en/news/281124568.md"
description: "A high-risk vulnerability has been discovered in the OpenClaw platform, affecting over 170,000 instances globally. Identified by the 360 Digital Security Group and confirmed by the CNNVD, the flaw allows attackers to bypass security controls through the MEDIA protocol. This vulnerability can lead to unauthorized access to sensitive server information, posing significant risks for cyber attacks."
datetime: "2026-03-31T04:53:33.000Z"
locales:
  - [zh-CN](https://longbridge.com/zh-CN/news/281124568.md)
  - [en](https://longbridge.com/en/news/281124568.md)
  - [zh-HK](https://longbridge.com/zh-HK/news/281124568.md)
---

# AI TRENDS | High-Risk Vulnerability Discovered in OpenClaw Platform

A high-risk vulnerability has been identified in the OpenClaw platform, according to PANews. The discovery was made by the 360 Digital Security Group, which developed the 360 Multi-Agent Collaborative Vulnerability Mining System. The flaw, described as a MEDIA protocol prompt injection vulnerability that bypasses tool permissions and leaks local files, has been officially confirmed by the National Information Security Vulnerability Database (CNNVD). It affects over 170,000 publicly accessible OpenClaw instances across more than 50 countries and regions worldwide. The core risk is that the MEDIA protocol operates at the output post-processing layer, which allows attackers to bypass the platform's tool policy controls. Even if an agent disables all tool calls, attackers can use basic group chat member permissions to initiate attacks and directly steal sensitive server information, potentially leading to further cyber attacks.
