Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4Blast Radius
ecosystem impact- 5 npm packages depend on openclaw (5 direct, 0 indirect)
Ecosystem-wide dependent count for version 2026.3.22.
DescriptionCVE.org
OpenClaw before 2026.3.22 contains an unbounded memory allocation vulnerability in remote media HTTP error handling that allows attackers to trigger excessive memory consumption. Attackers can send crafted HTTP error responses with large bodies to remote media endpoints, causing the application to allocate unbounded memory before failure handling occurs.
AnalysisAI
OpenClaw before version 2026.3.22 allows remote attackers to trigger denial of service through unbounded memory allocation in HTTP error handling for remote media endpoints. By sending specially crafted HTTP error responses with large bodies, unauthenticated attackers can exhaust application memory, causing availability degradation. The vulnerability requires only network access and no user interaction, making it a practical attack vector for service disruption.
Technical ContextAI
The vulnerability exists in OpenClaw's remote media HTTP error handling mechanism, classified as CWE-789 (Uncontrolled Memory Allocation). The root cause is insufficient input validation and bounds checking when processing HTTP error responses from remote media sources. When the application receives an HTTP error response, it allocates memory to store the error body without proper size limits or early termination conditions. An attacker can exploit this by controlling or manipulating HTTP responses to remote media endpoints (via man-in-the-middle, DNS hijacking, or compromised upstream servers) and injecting arbitrarily large payloads. The unbounded allocation occurs before the application's failure handling logic executes, allowing memory exhaustion before protective mechanisms can intervene. This is a classic resource exhaustion vulnerability affecting network-facing input processing.
RemediationAI
Upgrade OpenClaw to version 2026.3.22 or later, which contains the fix. Two upstream commits have been identified-commit 630f1479c44f78484dfa21bb407cbe6f171dac87 and commit 81445a901091a5d27ef0b56fceedbe4724566438-both available in the project repository at https://github.com/openclaw/openclaw. For detailed remediation guidance and confirmation of patched releases, consult the vendor security advisory (https://github.com/openclaw/openclaw/security/advisories/GHSA-4qwc-c7g9-4xcw) and VulnCheck advisory (https://www.vulncheck.com/advisories/openclaw-unbounded-memory-allocation-via-remote-media-error-responses). Until patching is possible, implement network-level monitoring and rate limiting on remote media endpoints to detect and block anomalously large HTTP error responses.
Auth bypass in OpenClaw voice-call extension before 2026.2.1. EPSS 0.68%. PoC and patch available.
Privilege escalation in OpenClaw (pre-2026.3.28) allows unauthenticated remote attackers to gain administrative access b
OpenClaw versions 2026.2.22 through 2026.2.24 contain a privilege escalation vulnerability that allows authenticated att
An authorization mismatch vulnerability in OpenClaw versions prior to 2026.3.1 allows authenticated users with operator.
OpenClaw versions prior to 2026.1.29 automatically establish WebSocket connections to attacker-controlled gateway URLs e
Path traversal in OpenClaw through version 2026.3.23 enables unauthenticated remote attackers to read arbitrary files in
OpenClaw sandbox browser functionality launches x11vnc for noVNC observer sessions without requiring authentication, all
OpenClaw versions before 2026.2.26 allow authenticated attackers to write arbitrary files outside the workspace director
OpenClaw versions prior to 2026.2.22 contain a shell environment variable injection vulnerability in the system.run func
OpenClaw versions prior to 2026.2.22 contain a resource exhaustion vulnerability where the application fails to consiste
OpenClaw versions prior to 2026.3.1 contain a sandbox escape vulnerability that allows authenticated attackers with low
OpenClaw versions 2026.1.30 and below fail to validate Telegram webhook secret tokens when `channels.telegram.webhookSec
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-21122
GHSA-4qwc-c7g9-4xcw