CVE-2026-32049

HIGH openclaw NVD

CVSS Score 7.5

Severity HIGH

Published Mar 21, 2026

Vendor openclaw

Description

OpenClaw versions prior to 2026.2.22 fail to consistently enforce configured inbound media byte limits before buffering remote media across multiple channel ingestion paths. Remote attackers can send oversized media payloads to trigger elevated memory usage and potential process instability.

References

https://github.com/openclaw/openclaw/commit/73d93dee64127a26f1acd09d0403b794cdeb4f5c
https://github.com/openclaw/openclaw/security/advisories/GHSA-rxxp-482v-7mrh
https://www.vulncheck.com/advisories/openclaw-denial-of-service-via-inbound-media-download-byte-limit-bypass