PT-2026-35799 · Openclaw · Openclaw
Keensecuritylab · Published 2026-04-09 · Updated 2026-04-29 · CVE-2026-42420
CVSS v3.1: 6.5 Medium
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
OpenClaw versions prior to 2026.4.8
Description
Improper input validation exists in base64 decode paths that allocate memory before enforcing decoded-size limits. This allows attackers to use crafted base64-encoded input to cause memory exhaustion or a denial of service (a condition where a system becomes unavailable to its intended users).
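The ordering problem described above, shown as an added example (a generic Node.js illustration, not OpenClaw's code). The function names and `MAX_DECODED_BYTES` are hypothetical, and the hardened path assumes padded, standard-alphabet base64.

```javascript
// Added illustration; not OpenClaw code. MAX_DECODED_BYTES is an assumed limit.
const MAX_DECODED_BYTES = 1024 * 1024;

// Exact decoded size of padded base64, computed from the string length
// and trailing padding only. Nothing sized by the input is allocated here.
function exactDecodedSize(b64) {
  if (b64.length % 4 !== 0) throw new RangeError("length not a multiple of 4");
  let pad = 0;
  if (b64.endsWith("==")) pad = 2;
  else if (b64.endsWith("=")) pad = 1;
  return (b64.length / 4) * 3 - pad;
}

// Weak ordering: the decode allocates the full output buffer first,
// so the limit check runs only after the memory cost has been paid.
function decodeThenCheck(b64, limit = MAX_DECODED_BYTES) {
  const buf = Buffer.from(b64, "base64"); // allocation already happened
  if (buf.length > limit) throw new RangeError("decoded payload too large");
  return buf;
}

// Hardened ordering: enforce the decoded-size limit before decoding.
function checkThenDecode(b64, limit = MAX_DECODED_BYTES) {
  if (typeof b64 !== "string") throw new TypeError("expected string");
  if (exactDecodedSize(b64) > limit) {
    throw new RangeError("decoded payload too large");
  }
  // Alphabet validation runs only on input already known to be bounded.
  if (!/^[A-Za-z0-9+/]*={0,2}$/.test(b64)) {
    throw new RangeError("invalid base64");
  }
  return Buffer.from(b64, "base64");
}
```

Both functions reject oversized input, but only `checkThenDecode` does so before memory proportional to the attacker-supplied string is allocated.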
Recommendations
Update to version 2026.4.8.
Fix
DoS
Allocation of Resources Without Limits
Affected Products
Openclaw