← volver
CVE-2026-32049

OpenClaw < 2026.2.22 - Denial of Service via Inbound Media Download Byte Limit Bypass

CVSS 8.7 HIGHEPSS 0.5%CWE-770
OpenClaw versions prior to 2026.2.22 fail to consistently enforce configured inbound media byte limits before buffering remote media across multiple channel ingestion paths. Remote attackers can send oversized media payloads to trigger elevated memory usage and potential process instability.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Productos afectados
OpenClaw · OpenClaw

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/openclaw/openclaw/commit/73d93dee64127a26f1acd09d0403b794cdeb4f5chttps://github.com/openclaw/openclaw/security/advisories/GHSA-rxxp-482v-7mrhhttps://www.vulncheck.com/advisories/openclaw-denial-of-service-via-inbound-media-download-byte-limit-bypass