Cyber Resilience

CVE-2026-29612

MediumPublic PoC

Published: 05 March 2026

Published
05 March 2026
Modified
11 March 2026
KEV Added
Patch
CVSS Score v4 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0017 38.0th percentile
Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-29612 is a medium-severity Allocation of Resources Without Limits or Throttling (CWE-770) vulnerability in Openclaw Openclaw. Its CVSS base score is 6.8 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 38.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2026-29612, published on 2026-03-05, affects OpenClaw versions prior to 2026.2.14. The vulnerability arises because the software decodes base64-backed media inputs into buffers before enforcing decoded-size budget limits, allowing attackers to trigger large memory allocations. This issue is classified under CWE-770 (Allocation of Resources Without Limits or Throttling) and carries a CVSS v3.1 base score of 5.5 (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H), indicating medium severity primarily due to high availability impact.

A local attacker with low privileges can exploit this vulnerability by supplying oversized base64 payloads as media inputs. Although the description references remote attackers, the CVSS vector specifies local access (AV:L). Successful exploitation leads to memory pressure and denial of service through excessive resource consumption.

Mitigation is addressed in the referenced advisories and patch. The GitHub commit at https://github.com/openclaw/openclaw/commit/31791233d60495725fa012745dde8d6ee69e9595 fixes the decoding logic to enforce size limits prior to allocation. The OpenClaw security advisory (https://github.com/openclaw/openclaw/security/advisories/GHSA-w2cg-vxx6-5xjg) and VulnCheck advisory (https://www.vulncheck.com/advisories/openclaw-denial-of-service-via-large-base-media-file-decoding) recommend upgrading to OpenClaw version 2026.2.14 or later.

EU & UK References

Vulnerability details

OpenClaw versions prior to 2026.2.14 decode base64-backed media inputs into buffers before enforcing decoded-size budget limits, allowing attackers to trigger large memory allocations. Remote attackers can supply oversized base64 payloads to cause memory pressure and denial of service.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

Local DoS via unbounded base64 media decode causing excessive memory allocation directly enables application/system exploitation for endpoint denial of service (T1499.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-41400Same product: Openclaw Openclaw
CVE-2026-32011Same product: Openclaw Openclaw
CVE-2026-32049Same product: Openclaw Openclaw
CVE-2026-28461Same product: Openclaw Openclaw
CVE-2026-29609Same product: Openclaw Openclaw
CVE-2026-35627Same product: Openclaw Openclaw
CVE-2026-41399Same product: Openclaw Openclaw
CVE-2026-32980Same product: Openclaw Openclaw
CVE-2026-22178Same product: Openclaw Openclaw
CVE-2026-28478Same product: Openclaw Openclaw

Affected Assets

openclaw
openclaw
≤ 2026.2.14

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Enforces validation of base64 media input size before any decoding or buffer allocation occurs, directly blocking the oversized-payload path in CVE-2026-29612.

prevent

Requires denial-of-service protections that limit resource exhaustion from unbounded memory allocations triggered by crafted base64 inputs.

prevent

Mandates controls on resource availability to prevent a single local process from consuming excessive memory via unchecked base64 decoding.

References