5.3

CVE-2026-42420: OpenClaw before 2026.4.8 allows memory exhaustion via crafted input

CVE-2026-42420
Summary

OpenClaw is affected by a security flaw that can cause it to run out of memory when processing certain types of input. This can lead to the software crashing or becoming unresponsive. To fix this issue, update OpenClaw to version 2026.4.8 or later.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software
Vendor | Product | Affected versions
openclaw | openclaw | < 2026.4.8
cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*
Original title
OpenClaw before 2026.4.8 contains improper input validation in base64 decode paths that allocate memory before enforcing decoded-size limits. Attackers can exploit multiple code paths to cause memo...
Original description
OpenClaw before 2026.4.8 contains improper input validation in base64 decode paths that allocate memory before enforcing decoded-size limits. Attackers can exploit multiple code paths to cause memory exhaustion or denial of service through crafted base64-encoded input.
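
The pattern described above, as an added example that is not OpenClaw's code and not part of the original advisory: a Node.js decode helper that enforces the limit only after allocating, beside one that bounds the decoded size from the encoded length first. The function names and the 1 MiB limit are assumptions made for illustration.

```javascript
// Added example: helper names and MAX_DECODED_BYTES are hypothetical.
const MAX_DECODED_BYTES = 1024 * 1024; // assumed policy limit (1 MiB)

// Before: the decoded buffer is allocated first, the limit is checked after.
// Memory proportional to the input is already committed when the check runs.
function decodeThenCheck(b64, limit = MAX_DECODED_BYTES) {
  const buf = Buffer.from(b64, 'base64');
  if (buf.length > limit) throw new RangeError('decoded payload too large');
  return buf;
}

// Upper bound on the decoded size, computed from the encoded length alone.
// Each base64 character carries at most 6 bits, so n characters can never
// decode to more than floor(3n/4) bytes. Up to two trailing '=' are padding.
// Whitespace or invalid characters only make the real size smaller.
function maxDecodedLength(b64) {
  let n = b64.length;
  if (n > 0 && b64[n - 1] === '=') n--;
  if (n > 0 && b64[n - 1] === '=') n--;
  return Math.floor((n * 3) / 4);
}

// After: reject on the bound before any decode buffer exists.
function checkThenDecode(b64, limit = MAX_DECODED_BYTES) {
  if (typeof b64 !== 'string') throw new TypeError('expected a base64 string');
  if (maxDecodedLength(b64) > limit) {
    throw new RangeError('encoded payload exceeds decoded-size limit');
  }
  const buf = Buffer.from(b64, 'base64');
  // Defence in depth: exact check once the real length is known.
  if (buf.length > limit) throw new RangeError('decoded payload too large');
  return buf;
}
```

The pre-decode check only helps if the encoded string itself is also capped where it enters the process, for example by a request body size limit.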
NVD CVSS 3.1: 4.3
NVD CVSS 4.0: 5.3
Vulnerability type
CWE-770 Allocation of Resources Without Limits
Published: 28 Apr 2026 · Updated: 15 Jun 2026 · First seen: 28 Apr 2026