5 matches found
GHSA-XQ3G-M3J8-2VMM Duplicate Advisory: OpenClaw's inbound media downloads could exceed configured byte limits before rejection across multiple channels
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-rxxp-482v-7mrh. This link is maintained to preserve external references. Original Description OpenClaw versions prior to 2026.2.22 fail to consistently enforce configured inbound media byte limits before bufferi...
Duplicate Advisory: OpenClaw's inbound media downloads could exceed configured byte limits before rejection across multiple channels
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-rxxp-482v-7mrh. This link is maintained to preserve external references. Original Description OpenClaw versions prior to 2026.2.22 fail to consistently enforce configured inbound media byte limits before bufferi...
CVE-2026-32049 OpenClaw < 2026.2.22 - Denial of Service via Inbound Media Download Byte Limit Bypass
OpenClaw versions prior to 2026.2.22 fail to consistently enforce configured inbound media byte limits before buffering remote media across multiple channel ingestion paths. Remote attackers can send oversized media payloads to trigger elevated memory usage and potential process instability...
CVE-2026-32049
OpenClaw is affected on versions prior to 2026.2.22. The issue concerns enforcement of configured inbound media byte limits before buffering remote media across multiple channel ingestion paths. Remote attackers can send oversized media payloads, triggering elevated memory usage and potential pro...
OpenClaw's inbound media downloads could exceed configured byte limits before rejection across multiple channels
Summary OpenClaw did not consistently enforce configured inbound media byte limits before buffering remote media in several channel ingestion paths. A remote sender could trigger oversized downloads and memory pressure before rejection. Affected Packages / Versions - Package: openclaw npm -...