Listen to this Post
The vulnerability resides in the `fetchWithGuard` function within `src/media/input-files.ts` of OpenClaw and Clawdbot . When the application fetches media from a URL, it uses the `response.arrayBuffer()` method to read the response body. This method loads the entire HTTP response payload into memory as a contiguous buffer before any validation, including the `maxBytes` size limit, is applied. The critical flaw is the order of operations: allocation occurs before enforcement. If the `Content-Length` header is missing or incorrect, or if chunked transfer encoding is used, the `arrayBuffer()` call will proceed to download and buffer the full, potentially enormous, file. An attacker can trivially exploit this by hosting a server that responds with a large payload (e.g., 64MB repeated 1024 times) without a `Content-Length` header. When the vulnerable application fetches this URL, it attempts to allocate the entire response, leading to uncontrolled memory consumption. This memory pressure can exhaust available resources, causing the application or the entire system to become unresponsive or crash, resulting in a denial of service. The issue is fixed in `openclaw` version 2026.2.14 and later, with the patch implemented in commit `00a0890` .
Platform: openclaw/clawdbot
Version: <2026.2.14 / <=2026.1.24-3
Vulnerability: Memory exhaustion
Severity: Critical
Date: 2026-02-18
Prediction: Patch already available
What Undercode Say:
Analytics:
The vulnerability is a classic example of improper resource allocation (CWE-770) in a URL fetching mechanism. By forcing the application to allocate a massive buffer, an attacker can trigger an Out-of-Memory (OOM) condition, effectively taking the service offline.
How Exploit:
The exploit relies on the application fetching a maliciously crafted response. The following Node.js command sets up a server that sends a large payload (64MB 1024 iterations) with chunked encoding, bypassing any `Content-Length` check.
node -e 'require("http").createServer((_,res)=>{res.writeHead(200,{"content-type":"application/octet-stream"});for(let i=0;i<1024;i++)res.write(Buffer.alloc(102464));res.end();}).listen(18888)'
Protection from this CVE:
1. Immediate Update: Upgrade `openclaw` to version 2026.2.14 or later, or `clawdbot` to a version newer than 2026.1.24-3.
2. Mitigation: If an immediate update is not possible, disable all URL-backed media inputs. If disabling is not feasible, restrict allowed URLs to a tight allowlist of trusted hostnames and apply a very conservative `maxBytes` limit to minimize impact.
Impact:
Successful exploitation leads to a complete loss of availability due to memory pressure from attacker-controlled remote media responses. This can crash the OpenClaw/Clawdbot service or destabilize the host system.
References
– Fix Commit: openclaw/openclaw: `00a08908892d1743d1fc52e5cbd9499dd5da2fe0`
– Original Security Report by @vincentkoc
🎯Let’s Practice Exploiting & Learn Patching For Free:
Sources:
Reported By: github.com
Extra Source Hub:
Undercode

