CVE-2026-41408 OpenClaw < 2026.3.31 - Disk Exhaustion via Media Download Bypass

OpenClaw before 2026.3.31 contains a resource exhaustion vulnerability in media downloads that bypasses core safety limits for file size, count, and cleanup operations. Attackers can exhaust disk space by downloading media files without triggering intended safety restrictions, causing availabilit...

EUVD-2026-26115

OpenClaw before 2026.3.31 contains a resource exhaustion vulnerability in media downloads that bypasses core safety limits for file size, count, and cleanup operations. Attackers can exhaust disk space by downloading media files without triggering intended safety restrictions, causing availabilit...

CVE-2026-41408 OpenClaw < 2026.3.31 - Disk Exhaustion via Media Download Bypass

OpenClaw before 2026.3.31 contains a resource exhaustion vulnerability in media downloads that bypasses core safety limits for file size, count, and cleanup operations. Attackers can exhaust disk space by downloading media files without triggering intended safety restrictions, causing availabilit...

CVE-2026-41408

CVE-2026-41408 concerns OpenClaw before 2026.3.31, where a resource-exhaustion flaw in media downloads bypasses safety limits for file size, count, and cleanup, enabling potential disk-space exhaustion and availability impact. The advisory notes this is an availability-risk issue (low to medium s...

EUVD-2026-26107

OpenClaw before 2026.3.28 accepts unbounded concurrent unauthenticated WebSocket upgrades without pre-authentication budget allocation. Unauthenticated network attackers can exhaust socket and worker capacity to disrupt WebSocket availability for legitimate clients...

Kea: Kea: Denial of Service via maliciously crafted message

A flaw was found in Kea. A remote attacker can send a maliciously crafted message to the kea-ctrl-agent, kea-dhcp-ddns, kea-dhcp4, or kea-dhcp6 daemons over any configured API socket or HA listener. This can cause a stack overflow error, leading to the daemon exiting and resulting in a Denial of...

PT-2026-35791

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.31 Description A resource exhaustion issue exists in media downloads that bypasses core safety limits regarding file size, count, and cleanup operations. This allows attackers to exhaust disk space by...

OPENSUSE-SU-2026:10643-1 php-composer2-2.9.7-1.1 on GA media

These are all security issues fixed in the php-composer2-2.9.7-1.1 package on the GA media of openSUSE Tumbleweed...

OPENSUSE-SU-2026:10629-1 PackageKit-1.3.5-1.1 on GA media

These are all security issues fixed in the PackageKit-1.3.5-1.1 package on the GA media of openSUSE Tumbleweed...

OPENSUSE-SU-2026:10635-1 hauler-1.4.2-1.1 on GA media

These are all security issues fixed in the hauler-1.4.2-1.1 package on the GA media of openSUSE Tumbleweed...

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.28 contained security vulnerabilities. These vulnerabilities stemmed from accepting unlimited concurrent unauthenticated WebSocket upgrades, which could allow unauthenticated...

OPENSUSE-SU-2026:10649-1 sed-4.10-1.1 on GA media

These are all security issues fixed in the sed-4.10-1.1 package on the GA media of openSUSE Tumbleweed...

OPENSUSE-SU-2026:10641-1 libixml11-1.18.5-1.1 on GA media

These are all security issues fixed in the libixml11-1.18.5-1.1 package on the GA media of openSUSE Tumbleweed...

OPENSUSE-SU-2026:10646-1 python311-pyOpenSSL-26.1.0-1.1 on GA media

These are all security issues fixed in the python311-pyOpenSSL-26.1.0-1.1 package on the GA media of openSUSE Tumbleweed...

OPENSUSE-SU-2026:10648-1 python315-3.15.0~a8-3.1 on GA media

These are all security issues fixed in the python315-3.15.0a8-3.1 package on the GA media of openSUSE Tumbleweed...

OPENSUSE-SU-2026:10631-1 distribution-registry-3.1.0-1.1 on GA media

These are all security issues fixed in the distribution-registry-3.1.0-1.1 package on the GA media of openSUSE Tumbleweed...

OPENSUSE-SU-2026:10640-1 libpng12-0-1.2.59-5.1 on GA media

These are all security issues fixed in the libpng12-0-1.2.59-5.1 package on the GA media of openSUSE Tumbleweed...

OPENSUSE-SU-2026:10627-1 chromedriver-148.0.7778.56-1.1 on GA media

These are all security issues fixed in the chromedriver-148.0.7778.56-1.1 package on the GA media of openSUSE Tumbleweed...

OPENSUSE-SU-2026:10628-1 pocketbase-0.37.3-1.1 on GA media

These are all security issues fixed in the pocketbase-0.37.3-1.1 package on the GA media of openSUSE Tumbleweed...

libminizip1-1.3.1-2.1 on GA media (moderate)

libminizip1-1.3.1-2.1 on GA media Announcement ID: openSUSE-SU-2026:10617-1 Rating: moderate Cross-References: CVE-2026-27171 CVSS scores: CVE-2026-27171 SUSE : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2026-27171 SUSE : 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA...