OpenClaw < 2026.2.13 - Denial of Service via Unbounded Webhook Request Body Buffering

OpenClaw versions prior to 2026.2.13 contain a denial of service vulnerability in webhook handlers that buffer request bodies without strict byte or time limits. Remote unauthenticated attackers can send oversized JSON payloads or slow uploads to webhook endpoints causing memory pressure and availability degradation.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

不加限制或调节的资源分配

OpenClaw 安全漏洞

OpenClaw是openclaw开源的一个智能人工助理。 OpenClaw 2026.2.13之前版本存在安全漏洞，该漏洞源于Webhook处理程序缓冲请求主体时没有严格的字节或时间限制，可能导致远程未经验证的攻击者发送过大的JSON有效载荷或慢速上传，造成内存压力和可用性下降。

N/A

N/A