CVE-2026-32049

HIGH SEVERITY

CVSS Score & Metrics

Base Score

7.5 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H                                    

Vulnerability Description

OpenClaw versions prior to 2026.2.22 fail to consistently enforce configured inbound media byte limits before buffering remote media across multiple channel ingestion paths. Remote attackers can send oversized media payloads to trigger elevated memory usage and potential process instability.

Vulnerability Details

Published Date

March 21, 2026

Last Modified

March 23, 2026

CWE ID

CWE-770

Source

NVD

Vendor

OpenClaw

Product

OpenClaw

External References

https://github.com/openclaw/openclaw/commit/73d93dee64127a26f1acd09d0403b794cdeb4f5c
https://github.com/openclaw/openclaw/security/advisories/GHSA-rxxp-482v-7mrh
https://www.vulncheck.com/advisories/openclaw-denial-of-service-via-inbound-media-download-byte-limit-bypass

CVE-2026-32049

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment