CVE-2026-32049

CVSS v3.1

7.5

High

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

OpenClaw versions prior to 2026.2.22 fail to consistently enforce configured inbound media byte limits before buffering remote media across multiple channel ingestion paths. Remote attackers can send oversized media payloads to trigger elevated memory usage and potential process instability.

Fix

Allocation of Resources Without Limits

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-770

Related Identifiers

CVE-2026-32049

Affected Products

Openclaw

CVE-2026-32049

Weakness Enumeration

Related Identifiers

Affected Products

References · 4