EUVD-2026-13945
GHSA-xq3g-m3j8-2vmm
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
5Tags
Description
OpenClaw versions prior to 2026.2.22 fail to consistently enforce configured inbound media byte limits before buffering remote media across multiple channel ingestion paths. Remote attackers can send oversized media payloads to trigger elevated memory usage and potential process instability.
Analysis
OpenClaw versions prior to 2026.2.22 contain a resource exhaustion vulnerability where the application fails to consistently enforce configured inbound media byte limits across multiple channel ingestion paths. Remote unauthenticated attackers can exploit this by sending oversized media payloads to cause elevated memory consumption and process instability, leading to denial of service. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Inventory all OpenClaw instances and confirm versions; assess whether systems process untrusted media uploads from external sources. Within 7 days: Apply vendor patch to upgrade all affected instances to version 2026.2.22 or later in a staged manner, starting with production systems. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today