CVE-2026-29609 OpenClaw — Exploit & Vulnerability Details HIGH

Parameter	Value
CVSS	8.7 (HIGH)
Affected Versions	before 2026.2.14
Type	CWE-770 (Allocation Without Limits (Выделение ресурсов без ограничений))
Vendor	OpenClaw
Public PoC	No

OpenClaw versions prior to 2026.2.14 contain a denial of service vulnerability in the fetchWithGuard function that allocates entire response payloads in memory before enforcing maxBytes limits. Remote attackers can trigger memory exhaustion by serving oversized responses without content-length headers to cause availability loss.

Attack Parameters

Attack Vector

Network

Атака возможна удалённо

Attack Complexity

Low

Легко эксплуатировать

Attack Requirements

None

Нет дополнительных условий

Privileges Required

None

Права не нужны

User Interaction

None

Не нужно действие пользователя

Impact Assessment

Confidentiality

None

Нет утечки данных

Integrity

None

Нет модификации данных

Availability

High

Полный отказ в обслуживании

CVSS Vector v4.0

Weakness Type (CWE)

CWE-770 Allocation Without Limits (Выделение ресурсов без ограничений)

References 3

https://github.com/openclaw/openclaw/commit/00a08908892d1743d1fc52e5cbd9499dd5d…

disclosure@vulncheck.com

https://github.com/openclaw/openclaw/security/advisories/GHSA-j27p-hq53-9wgc

disclosure@vulncheck.com

https://www.vulncheck.com/advisories/openclaw-denial-of-service-via-unbounded-u…

disclosure@vulncheck.com

Menu

CVE-2026-29609

Attack Parameters

Impact Assessment

CVSS Vector v4.0

Weakness Type (CWE)

References 3

CVE Details

Editor's Choice