PT-2026-23565 · Openclaw, Clawdbot
Vincent Koc · Published 2026-02-14 · Updated 2026-03-11
CVE-2026-29612 · CVSS v3.1 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
OpenClaw versions prior to 2026.2.14
clawdbot versions prior to 2026.1.24-3
Description
The software decodes base64-backed media inputs into buffers before enforcing decoded-size budget limits. Attackers can supply oversized base64 payloads, leading to large memory allocations and potentially causing memory pressure and denial of service. Deployments binding the gateway to loopback with gateway authentication for HTTP endpoints are considered a local/authorized denial of service risk. Exposure to untrusted networks without adequate authentication and rate limits elevates the risk to a network denial of service.
Recommendations
Update OpenClaw to version 2026.2.14 or later.
Migrate from clawdbot to OpenClaw.
Tags: Fix · DoS · Resource Exhaustion · Allocation of Resources Without Limits
Affected Products
Openclaw
Clawdbot