DEV Community

CVE Reports

Posted on • Originally published at cvereports.com

GHSA-J27P-HQ53-9WGC: The Gluttonous AI: Choking OpenClaw with Infinite Streams


Vulnerability ID: GHSA-J27P-HQ53-9WGC
CVSS Score: 7.5
Published: 2026-02-18

OpenClaw, a popular open-source AI assistant engine, suffered from a critical Denial of Service (DoS) vulnerability caused by unbounded resource consumption. By feeding the engine a URL pointing to an infinite stream, or a massive base64 payload, an attacker could force the application to allocate memory until the Node.js process was killed out-of-memory (OOM). This report details how the developers relied on 'trusting' the data source and how a simple architectural oversight turned OpenClaw into a memory-leaking time bomb.

TL;DR

OpenClaw failed to implement backpressure or size limits when fetching remote media or decoding base64 inputs. An attacker can trigger a crash (OOM) by supplying a URL that serves an infinite stream of data or a gigabyte-sized base64 string. Fixed in version 2026.2.14 by implementing streaming reads with byte counting.


⚠️ Exploit Status: POC

Technical Details

  • CWE: CWE-400 (Uncontrolled Resource Consumption)
  • CVSS: 7.5 (High)
  • Attack Vector: Network (Remote)
  • Exploit Reliability: High (Deterministic)
  • Impact: Service Crash (Availability)
  • Status: Patched

Affected Systems

  • OpenClaw AI Engine
  • Clawdbot
  • Node.js Applications using openclaw npm package
  • openclaw: < 2026.2.14 (Fixed in: 2026.2.14)
  • clawdbot: <= 2026.1.24-3 (Fixed in: 2026.1.25)

Code Analysis

Commit: 00a0890

fix: limit media fetch size and base64 decode size to prevent OOM

```typescript
async function readResponseWithLimit(res: Response, maxBytes: number) { ... }
```

Exploit Details

  • Research Report: Regression tests in the patch demonstrate the attack vector.

Mitigation Strategies

  • Implement streaming response readers for all external HTTP requests.
  • Enforce strict timeouts on all fetch operations.
  • Compute the decoded size of a Base64 input from its length (and padding) before allocating a buffer for it, and reject inputs above the limit without decoding them.
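The following is an added example (not OpenClaw's own code) showing the shape of the three mitigations above and of the `readResponseWithLimit` signature in the Code Analysis section: a streaming reader that counts bytes and aborts at a cap, and a base64 decoded-size check done before any buffer is allocated. It assumes Node.js 18+ (global `Response`, `ReadableStream`, `Buffer`); `SizeLimitError`, `decodeBase64WithLimit` and `infiniteResponse` are names chosen here, not identifiers from the patch.

```javascript
// Added example, not OpenClaw's code: byte-capped streaming read plus a pre-allocation
// base64 size check. Assumes Node.js 18+ (global Response, ReadableStream, Buffer).
class SizeLimitError extends Error {
  constructor(msg) { super(msg); this.name = "SizeLimitError"; }
}
async function readResponseWithLimit(res, maxBytes) {
  // Reject early when the server already declares a body above the cap.
  const declared = res.headers.get("content-length");
  if (declared !== null && Number(declared) > maxBytes) {
    throw new SizeLimitError(`declared ${declared} bytes exceeds limit ${maxBytes}`);
  }
  if (!res.body) return Buffer.alloc(0);
  const reader = res.body.getReader();
  const chunks = [];
  let total = 0;
  try {
    for (;;) {
      const { done, value } = await reader.read();
      if (done) break;
      total += value.byteLength; // count before keeping the chunk
      if (total > maxBytes) throw new SizeLimitError(`body exceeded ${maxBytes} bytes`);
      chunks.push(value);
    }
  } finally {
    await reader.cancel().catch(() => {}); // release the upstream connection either way
  }
  return Buffer.concat(chunks, total);
}
// Exact decoded size of padded base64, computed from the string length alone.
function base64DecodedSize(b64) {
  const s = b64.replace(/\s+/g, "");
  if (s.length % 4 !== 0) throw new Error("malformed base64: length not a multiple of 4");
  const padding = s.endsWith("==") ? 2 : s.endsWith("=") ? 1 : 0;
  return (s.length / 4) * 3 - padding;
}
function decodeBase64WithLimit(b64, maxBytes) {
  const size = base64DecodedSize(b64);
  if (size > maxBytes) throw new SizeLimitError(`decoded size ${size} exceeds limit ${maxBytes}`);
  return Buffer.from(b64, "base64"); // allocation only happens after the check passed
}
// Constructed stand-in for a hostile endpoint: a body that never ends.
function infiniteResponse(chunkSize = 1024) {
  const chunk = new Uint8Array(chunkSize);
  return new Response(new ReadableStream({ pull(c) { c.enqueue(chunk); } }));
}
// Demo: the unbounded body is cut off at 64 KiB instead of growing until OOM.
readResponseWithLimit(infiniteResponse(), 64 * 1024)
  .then(() => console.log("unexpected: read completed"), (e) => console.log(`rejected: ${e.message}`));
```

Pair the reader with an `AbortController` timeout on the underlying `fetch` so a slow endpoint cannot hold the connection open indefinitely; the byte cap alone does not bound wall-clock time.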

Remediation Steps:

  1. Upgrade openclaw to version 2026.2.14 or later.
  2. Upgrade clawdbot to version 2026.1.25 or later.
  3. Verify maxBytes configuration in your OpenClaw initialization to ensure it matches your infrastructure limits.

References


Read the full report for GHSA-J27P-HQ53-9WGC on our website for more details including interactive diagrams and full exploit analysis.
