March 31, 2026 – Recently, 360 Digital Security Group’s self-developed 360 Multi-Agent Collaborative Vulnerability Mining System has made a significant discovery on the OpenClaw platform. A high-risk vulnerability, namely the MEDIA Protocol Prompt Injection that bypasses tool permissions, has been identified, which can lead to the leakage of local files.
This vulnerability has been officially confirmed by the China National Vulnerability Database (CNNVD). It has an extensive impact, covering more than 50 countries and regions around the world. Over 170,000 publicly accessible OpenClaw instances are at risk of security breaches.
This finding marks another important breakthrough for 360 in the field of agent vulnerability mining. Previously, 360 had disclosed relevant security vulnerabilities on OpenClaw and received a confirmation letter from the platform’s founder. This latest achievement further underscores 360’s technological leadership in the global AI agent security landscape.
According to 360 security experts, the high-risk vulnerability is located in the core media processing module of OpenClaw version 2026.3.13. It has three prominent characteristics: a low attack threshold, a wide impact range, and a high degree of harm.
The core risk of this vulnerability lies in the fact that the MEDIA Protocol operates at the post-output processing layer, allowing it to completely bypass the platform’s tool policy controls. Even if an agent disables all tool calls, an attacker can still launch an attack with just basic group chat member permissions. This enables the direct theft of sensitive server information, which can easily trigger subsequent cyber attacks.
In response to this vulnerability, 360 has independently completed the verification and practical testing of the attack chain, fully confirming its authenticity and exploitability. The company has also provided professional technical support and repair suggestions to the platform operator.
