EUVD-2026-13945
GHSA-xq3g-m3j8-2vmm
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
5DescriptionCVE.org
OpenClaw versions prior to 2026.2.22 fail to consistently enforce configured inbound media byte limits before buffering remote media across multiple channel ingestion paths. Remote attackers can send oversized media payloads to trigger elevated memory usage and potential process instability.
AnalysisAI
OpenClaw versions prior to 2026.2.22 contain a resource exhaustion vulnerability where the application fails to consistently enforce configured inbound media byte limits across multiple channel ingestion paths. Remote unauthenticated attackers can exploit this by sending oversized media payloads to cause elevated memory consumption and process instability, leading to denial of service. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Remote unauthenticated attacker sends oversized media payloads to OpenClaw versions prior to 2026.2.22 across any channel ingestion path. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) indicates a remotely exploitable vulnerability with low attack complexity requiring no authentication or user interaction, resulting in high availability impact. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An unauthenticated remote attacker identifies publicly accessible OpenClaw media ingestion endpoints and crafts HTTP requests containing extremely large media payloads that exceed configured byte limits. By targeting multiple channel ingestion paths simultaneously that lack proper limit enforcement, the attacker triggers unbounded memory allocation, exhausting available RAM and causing the OpenClaw process to become unresponsive or crash, denying service to legitimate users. … |
| Remediation | Upgrade OpenClaw to version 2026.2.22 or later, which contains the fix for the media byte limit enforcement issue as documented in the vendor security advisory at https://github.com/openclaw/openclaw/security/advisories/GHSA-rxxp-482v-7mrh and the patch commit at https://github.com/openclaw/openclaw/commit/73d93dee64127a26f1acd09d0403b794cdeb4f5c. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Inventory all OpenClaw instances and confirm versions; assess whether systems process untrusted media uploads from external sources. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More from same product – last 7 days
Remote code execution in OpenClaw before 2026.5.12 allows authenticated operators to bypass the PowerShell execution all
Command injection in OpenClaw before 2026.5.18 allows authenticated attackers to modify shell wrapper argv between appro
Arbitrary code execution in OpenClaw before 2026.5.27 lets attackers hijack the Homebrew executable resolved during skil
Authentication bypass in OpenClaw before 2026.5.22 allows authenticated network attackers to spoof locality information
Privilege escalation in OpenClaw before 2026.5.18 allows WebSocket-connected Control UI clients to claim operator.admin
Share
External POC / Exploit Code
Leaving vuln.today