OpenClaw can be crashed by huge images

CVSS score: 6.9
Advisory: GHSA-w85g-3h6x-4xh2
Summary

A bug in OpenClaw's image processing can make it crash when handling extremely large images, leading to denial of service (DoS). This affects users who rely on OpenClaw for image processing. To fix this issue, update OpenClaw to version 2026.3.31 or later.

What to do
  • Update openclaw to version 2026.3.31.
Affected software

Vendor | Product  | Affected versions | Fix available
       | openclaw | <= 2026.3.28      | 2026.3.31
Original title
OpenClaw: Image pixel-limit guard can fail open on sips and allow decompression-bomb DoS
Original description
## Summary
Image pixel-limit guard can fail open on sips and allow decompression-bomb DoS

## Current Maintainer Triage
- Status: open
- Normalized severity: medium
- Assessment: Shipped v2026.3.28 image processing could fail open on oversized pixel counts and allow decompression-bomb DoS, an availability issue that is valid at medium.

## Affected Packages / Versions
- Package: `openclaw` (npm)
- Latest published npm version: `2026.3.31`
- Vulnerable version range: `<=2026.3.28`
- Patched versions: `>= 2026.3.31`
- First stable tag containing the fix: `v2026.3.31`

## Fix Commit(s)
- `0ed4f8a72bb140045962e97ab01c94c076b758a4` — 2026-03-31T22:52:55+09:00

OpenClaw thanks @AntAISecurityLab for reporting.
Score: CVSS 4.0 6.9 (source: GHSA)
Vulnerability type
CWE-770 Allocation of Resources Without Limits or Throttling
Published: 3 Apr 2026 · Updated: 3 Apr 2026 · First seen: 3 Apr 2026