
OpenClaw versions prior to 2026.2.14: Malicious media inputs can cause memory issues

CVE-2026-29612 GHSA-w2cg-vxx6-5xjg
Summary

If you're using OpenClaw, ensure you're running version 2026.2.14 or later. Older versions are vulnerable to a memory-related issue that could lead to service disruptions. Update to a patched version to address the risk.

What to do
  • Update steipete openclaw to version 2026.2.14.
Affected software
Vendor    Product   Affected versions  Fix available
steipete  openclaw  <= 2026.2.14       2026.2.14
steipete  clawdbot  <= 2026.1.24-3
openclaw  openclaw  <= 2026.2.14
Original title
OpenClaw versions prior to 2026.2.14 decode base64-backed media inputs into buffers before enforcing decoded-size budget limits, allowing attackers to trigger large memory allocations. Remote attac...
Original description
OpenClaw versions prior to 2026.2.14 decode base64-backed media inputs into buffers before enforcing decoded-size budget limits, allowing attackers to trigger large memory allocations. Remote attackers can supply oversized base64 payloads to cause memory pressure and denial of service.
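The ordering problem described above, shown as an added example for Node.js that is not OpenClaw's code: the decode-then-check pattern next to a check that bounds the decoded size from the base64 string length before any buffer is allocated. The function names, the budget value and the sample input are assumptions made for illustration.

```javascript
// Added example, not OpenClaw's code. Names and the budget are assumptions.
const MAX_DECODED_BYTES = 5 * 1024 * 1024; // hypothetical per-input budget

const nodeDecode = (b64) => Buffer.from(b64, "base64");

// Upper bound on the decoded size, from the string length alone (no allocation).
// Exact for canonical padded base64; never an underestimate for lenient input.
function maxDecodedLength(b64) {
  let padding = 0;
  if (b64.endsWith("==")) padding = 2;
  else if (b64.endsWith("=")) padding = 1;
  return Math.ceil(b64.length / 4) * 3 - padding;
}

// Pattern described in the advisory: decode first, enforce the budget afterwards.
function decodeThenCheck(b64, budget = MAX_DECODED_BYTES, decode = nodeDecode) {
  const buf = decode(b64); // the input-sized allocation has already happened
  if (buf.length > budget) throw new RangeError("media exceeds decoded-size budget");
  return buf;
}

// Hardened order: reject on the computed bound before any buffer is allocated.
function checkThenDecode(b64, budget = MAX_DECODED_BYTES, decode = nodeDecode) {
  if (typeof b64 !== "string") throw new TypeError("expected a base64 string");
  const bound = maxDecodedLength(b64);
  if (bound > budget) {
    throw new RangeError(`media may decode to ${bound} bytes, budget is ${budget}`);
  }
  const buf = decode(b64);
  // Defence in depth: the decoder's real output must still fit the budget.
  if (buf.length > budget) throw new RangeError("media exceeds decoded-size budget");
  return buf;
}

// Constructed sample: 64 KiB of zero bytes, base64-encoded, against a 1 KiB budget.
function demo() {
  const oversized = Buffer.alloc(64 * 1024).toString("base64");
  const results = {};
  const variants = { decodeThenCheck, checkThenDecode };
  for (const [name, fn] of Object.entries(variants)) {
    let allocated = 0;
    const spy = (s) => { const b = nodeDecode(s); allocated += b.length; return b; };
    try { fn(oversized, 1024, spy); } catch (e) { /* both variants reject */ }
    results[name] = allocated; // bytes decoded before the rejection
  }
  return results;
}
console.log(demo());
```

The pre-decode check bounds only the decoded buffer; the encoded string is already in memory when it runs, so a request-body size limit at the transport layer is still needed.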
nvd CVSS3.1 5.5
nvd CVSS4.0 6.8
Vulnerability type
CWE-770 Allocation of Resources Without Limits
CWE-400 Uncontrolled Resource Consumption
Published: 5 Mar 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026