PT-2026-31768 · Openclaw · Openclaw
Edward-X · Published 2026-03-26 · Updated 2026-04-10
CVE-2026-35633
| CVSS v4.0 | 8.2 High |
| Vector | AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
OpenClaw versions prior to 2026.3.22
Description
OpenClaw is susceptible to an unbounded memory allocation issue in its remote media HTTP error handling. Attackers can exploit this by sending specially crafted HTTP error responses with large content to remote media endpoints. This causes the application to allocate an excessive amount of memory before error handling can take place, potentially leading to application failure.
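One way to keep an HTTP error body from driving memory use is to stop reading at a fixed cap instead of buffering whatever the remote server sends. This is an added example, not OpenClaw's code or its actual fix; `MAX_ERROR_BODY_BYTES`, `createBoundedCollector`, `readErrorBodyCapped` and `simulateOversizedError` are hypothetical names, and the 8 KiB cap is an assumed value.

```javascript
// Added example, not OpenClaw code: cap how much of an error body is ever held in memory.
const MAX_ERROR_BODY_BYTES = 8 * 1024; // assumed cap; enough for a diagnostic message
// Synchronous core: accumulate chunks but never keep more than `limit` bytes.
function createBoundedCollector(limit) {
  const chunks = [];
  let kept = 0;
  let truncated = false;
  return {
    // Returns false once the cap is exceeded so the caller can stop reading.
    push(chunk) {
      const room = limit - kept;
      if (chunk.length > room) {
        if (room > 0) chunks.push(chunk.subarray(0, room));
        kept = limit;
        truncated = true;
        return false;
      }
      chunks.push(chunk);
      kept += chunk.length;
      return true;
    },
    result() {
      return { body: Buffer.concat(chunks, kept), truncated };
    },
  };
}

// Read an error body from any async iterable of Buffers (e.g. a Node Readable).
async function readErrorBodyCapped(stream, limit = MAX_ERROR_BODY_BYTES) {
  const collector = createBoundedCollector(limit);
  for await (const chunk of stream) {
    if (!collector.push(chunk)) {
      if (typeof stream.destroy === "function") stream.destroy(); // stop pulling data
      break;
    }
  }
  return collector.result();
}

// Constructed input: a 1 MiB "error page" offered in sixteen 64 KiB chunks.
function simulateOversizedError(limit) {
  const collector = createBoundedCollector(limit);
  let chunksConsumed = 0;
  for (let i = 0; i < 16; i++) {
    chunksConsumed++;
    if (!collector.push(Buffer.alloc(64 * 1024, 0x41))) break;
  }
  return { ...collector.result(), chunksConsumed };
}
```

The `truncated` flag lets the caller log that the error body was cut off, which is also a useful signal when reviewing logs for oversized error responses from remote media hosts.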
Recommendations
Update to version 2026.3.22 or later.
Fix
Resource Exhaustion
Allocation of Resources Without Limits
Related Identifiers
Affected Products
Openclaw