


Perceptive Security
SOC/SIEM Consultancy

OpenClaw versions prior to 2026.2.15 contain a denial of service vulnerability in the web_fetch tool that allows attackers to crash the Gateway process through …
Published:
4 March 2026 at 23:00:00
Alert date:
5 March 2026 at 23:13:13
Source:
nvd.nist.gov
Web Technologies
OpenClaw versions prior to 2026.2.15 contain a denial of service vulnerability in the web_fetch tool. The vulnerability allows remote attackers to crash the Gateway process through memory exhaustion by parsing oversized or deeply nested HTML responses. Attackers can social-engineer users into fetching malicious URLs with pathological HTML structures. This causes server memory exhaustion and service unavailability. The vulnerability affects the web_fetch tool specifically and impacts the Gateway process.
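The description above attributes the crash to oversized or deeply nested HTML reaching the parser. As an added example (not OpenClaw's patch and not code from this page), one way to bound both before a response is parsed; the names `cappedBody`, `nestingDepth` and `guardHtml` and the limit values are assumptions.

```javascript
// Added example: bound fetched HTML before parsing. Limits are assumed values.
const MAX_BYTES = 2 * 1024 * 1024; // assumed cap on response body size
const MAX_DEPTH = 256;             // assumed cap on element nesting
const VOID_TAGS = new Set(["area", "base", "br", "col", "embed", "hr", "img",
  "input", "link", "meta", "source", "track", "wbr"]);

// Accumulates body chunks and throws as soon as the byte cap is crossed,
// so an oversized response is never fully buffered.
function cappedBody(maxBytes = MAX_BYTES) {
  const parts = [];
  let total = 0;
  return {
    push(chunk) {
      total += chunk.length;
      if (total > maxBytes) throw new Error("response body exceeds size cap");
      parts.push(chunk);
    },
    text: () => Buffer.concat(parts).toString("utf8"),
  };
}

// Single linear pass that estimates element nesting without building a DOM.
// Approximate by design: it ignores HTML's implied end tags and raw-text
// elements, so treat it as a pre-filter, not a parser.
function nestingDepth(html, limit = MAX_DEPTH) {
  let depth = 0, max = 0, i = 0;
  while ((i = html.indexOf("<", i)) !== -1) {
    const end = html.indexOf(">", i);
    if (end === -1) break;                       // unterminated tag: stop
    const tag = html.slice(i + 1, end);
    i = end + 1;
    if (tag.startsWith("/")) { depth = Math.max(0, depth - 1); continue; }
    const name = /^[a-zA-Z][a-zA-Z0-9-]*/.exec(tag);
    if (!name || tag.endsWith("/") || VOID_TAGS.has(name[0].toLowerCase())) continue;
    max = Math.max(max, ++depth);
    if (max > limit) return max;                 // bail out early
  }
  return max;
}

// Returns the HTML only if both bounds hold; the caller parses it afterwards.
function guardHtml(chunks, maxBytes = MAX_BYTES, maxDepth = MAX_DEPTH) {
  const body = cappedBody(maxBytes);
  for (const chunk of chunks) body.push(chunk);
  const html = body.text();
  if (nestingDepth(html, maxDepth) > maxDepth) throw new Error("HTML nesting exceeds depth cap");
  return html;
}
```

With a streamed response, call `push` on each chunk as it arrives so the transfer is aborted at the cap instead of after the whole body has been received.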
Technical details
Affected products:
OpenClaw
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2026-28394
https://github.com/openclaw/openclaw/commit/166cf6a3e04c7df42bea70a7ad5ce2b9df46d147
https://github.com/openclaw/openclaw/security/advisories/GHSA-p536-vvpp-9mc8
https://www.vulncheck.com/advisories/openclaw-denial-of-service-via-unbounded-response-parsing-in-web-fetch-tool
This article was created with the assistance of AI technology by Perceptive.
