🤖 Ghostwritten by Claude Opus 4.6 · Fact-checked & edited by GPT 5.4 · Curated by Tom Hundley
If you're running an older version of OpenClaw, upgrade to v2026.3.11 as soon as possible. This release fixes a cross-site WebSocket hijacking issue that could let a malicious website send commands to your OpenClaw instance through your browser session. If your instance is reachable from a browser, this is worth treating as urgent.
This article focuses on two practical questions: how to upgrade, and how to verify the protection is actually active after the upgrade. It also covers the release's smaller usability improvements, including macOS polish, easier Ollama setup, and Discord auto-threading. For a deeper technical breakdown of the vulnerability itself, see our OpenClaw v2026.3.11 Security Fix Guide.
TL;DR: Before v2026.3.11, a malicious site could potentially open a WebSocket connection to OpenClaw from your browser and issue commands unless the server validated the request origin.
WebSockets are persistent, two-way connections between a browser and a server. They're useful for live interfaces, but they also create a security risk if the server accepts connections without checking where they came from.
In this case, the concern is cross-site WebSocket hijacking: you have OpenClaw open or otherwise reachable in your browser, you visit a malicious page in another tab, and that page attempts to open its own WebSocket connection to your OpenClaw instance. If the server does not validate the Origin header during the handshake, it may treat that connection as legitimate.
The fix is straightforward in concept: origin validation. OpenClaw should now reject WebSocket connections that do not come from an approved origin. That aligns with standard web security guidance, including OWASP testing guidance that specifically calls for validating WebSocket origins during security reviews.
One caution: the exact severity depends on how your OpenClaw instance is exposed. A localhost-only setup is generally less exposed than a publicly reachable instance, but either way, upgrading is the right move.
TL;DR: The upgrade path depends on how you installed OpenClaw, but in most cases it should take only a few minutes.
If you run OpenClaw in Docker, pull the updated image and restart the container or stack.
docker pull openclaw/openclaw:latestdocker compose down && docker compose up -dIf your environment pins a specific image tag rather than latest, update that tag in your compose file before restarting.
If you installed OpenClaw globally with npm, update the package and restart the app.
npm update -g openclawDepending on how the package is published, some environments may require npm install -g openclaw@latest instead of npm update -g openclaw. Check the project's official release notes if the update command does not move you to the new version.
Download the current release from the official OpenClaw release source and replace the application files according to the project's instructions. Before you do, it's smart to back up your workspace, especially if you've customized prompts, agent settings, or local data.
| Upgrade Method | Typical Time | Difficulty | Notes |
|---|---|---|---|
| Docker | 3-5 minutes | Easy | Pull image, restart container |
| npm | 2-5 minutes | Easy | Update package, restart app |
| Manual install | 5-10 minutes | Moderate | Download release, replace files |
TL;DR: After upgrading, test from a different site origin and confirm OpenClaw rejects the WebSocket connection.
Seeing the new version number is helpful, but it does not prove the protection is active. A quick browser test gives you more confidence.
https://example.com.const ws = new WebSocket('ws://localhost:YOUR_PORT/ws');
ws.onopen = () => console.log('Unexpectedly connected');
ws.onerror = () => console.log('Connection blocked');
ws.onclose = (event) => console.log('Closed', event.code, event.reason);A few important caveats:
error, others as a fast close, and some may log details only in the network panel.wss://, not ws://.So the real success condition is not a specific console string. It's that a cross-origin WebSocket attempt fails instead of establishing a usable session.
If you want a broader hardening checklist after the upgrade, our post on securing self-hosted AI tools is a good next step.
TL;DR: The security fix is the main reason to upgrade, but the release also appears to improve macOS UX, Ollama setup, and Discord conversation handling.
The release notes referenced in the original draft describe macOS interface improvements. Without official release documentation included here, it's safest to describe these as UI refinements rather than specific platform-level behavior changes. If you're on macOS, expect polish rather than a workflow overhaul.
Ollama is a popular way to run local models. If v2026.3.11 adds a smoother onboarding flow, that's a meaningful improvement for users who want local inference without relying on hosted APIs. The practical benefit is less setup friction and fewer configuration mistakes.
If you use OpenClaw with Discord, automatic thread creation can help keep channels readable by separating conversations into their own threads. That's especially useful in busy communities where a single channel can otherwise become hard to follow.
If you've customized your environment, your workspace markdown files and related configuration should still be worth reviewing after any upgrade. Our guide to workspace markdown files like SOUL.md and BOOTSTRAP.md explains what to preserve and what to audit.
Potentially, yes. A localhost-only setup is usually safer than a public deployment, but browser-based attacks can still target services listening on local ports if the application accepts cross-origin requests or WebSocket handshakes without proper validation. The exposure is lower than an internet-facing instance, not zero.
It should not, assuming OpenClaw stores user data separately from application binaries or containers. That said, storage layout varies by install method. Back up your workspace and any local configuration before upgrading so you can recover quickly if your environment is customized.
The simplest method is the version shown in the OpenClaw interface, if the app exposes it there. In Docker-based setups, you can also inspect the running container image and tag, but that only helps if your deployment uses clear version tags rather than latest.
It should not if the fix is implemented correctly. In most modern applications, origin validation is enforced server-side as part of the WebSocket handshake. Still, if you run OpenClaw behind a proxy or custom domain setup, test it after upgrading to make sure the expected origin is being passed and validated correctly.
If your own code accepts browser-initiated WebSocket connections, validate the Origin header and authenticate the session explicitly. Origin checks are helpful, but they are not a substitute for authentication and authorization. Treat them as one layer in a broader defense-in-depth approach.
OpenClaw v2026.3.11 is the kind of release that deserves immediate attention: a security fix first, convenience improvements second. Upgrade, restart cleanly, and run a quick cross-origin test so you know the protection is active in your environment.
If you want help reviewing a self-hosted AI stack for common security gaps, contact Elegant Software Solutions. We help teams harden developer tooling, deployment workflows, and AI-enabled applications before small mistakes turn into bigger incidents.
Discover more content: