CVE-2026-32049
Published: 21 March 2026
Summary
CVE-2026-32049 is a high-severity Allocation of Resources Without Limits or Throttling (CWE-770) vulnerability in Openclaw Openclaw. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application Exhaustion Flood (T1499.003); ranked at the 38.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SC-6 (Resource Availability).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
SC-5 requires denial-of-service protections that directly mitigate resource exhaustion from oversized inbound media payloads bypassing byte limits.
SC-6 enforces resource allocation limits to prevent excessive memory usage and process instability caused by unbounded buffering of remote media.
SI-9 restricts the amounts of information input into the system, addressing the failure to consistently enforce configured byte limits across media ingestion paths.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Vulnerability enables remote oversized media payloads that bypass limits, directly causing application memory exhaustion and DoS via crashes/instability (T1499.003 Application Exhaustion Flood and T1499.004 Application or System Exploitation).
NVD Description
OpenClaw versions prior to 2026.2.22 fail to consistently enforce configured inbound media byte limits before buffering remote media across multiple channel ingestion paths. Remote attackers can send oversized media payloads to trigger elevated memory usage and potential process instability.
Deeper analysisAI
CVE-2026-32049 is a vulnerability in OpenClaw versions prior to 2026.2.22, stemming from a failure to consistently enforce configured inbound media byte limits before buffering remote media across multiple channel ingestion paths. Classified under CWE-770 (Allocation of Resources Without Limits or Throttling), it enables remote attackers to send oversized media payloads, resulting in elevated memory usage and potential process instability. The vulnerability carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) and was published on 2026-03-21T01:17:07.700.
Remote, unauthenticated attackers can exploit this issue over the network with low attack complexity and no user interaction. By transmitting oversized media payloads through affected channel ingestion paths, they bypass intended byte limits, triggering excessive resource allocation that leads to high memory consumption and possible denial-of-service via process crashes or instability.
Advisories recommend upgrading to OpenClaw version 2026.2.22 or later, where the fix is implemented in commit 73d93dee64127a26f1acd09d0403b794cdeb4f5c. Further details on the issue and mitigation are available in the GitHub Security Advisory at https://github.com/openclaw/openclaw/security/advisories/GHSA-rxxp-482v-7mrh and the Vulncheck advisory at https://www.vulncheck.com/advisories/openclaw-denial-of-service-via-inbound-media-download-byte-limit-bypass.
Details
- CWE(s)