Medium severity 5.3 · NVD Advisory · Published Apr 9, 2026 · Updated Apr 15, 2026
CVE-2026-35633
Description
OpenClaw before 2026.3.22 contains an unbounded memory allocation vulnerability in remote media HTTP error handling that allows attackers to trigger excessive memory consumption. Attackers can send crafted HTTP error responses with large bodies to remote media endpoints, causing the application to allocate unbounded memory before failure handling occurs.
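A bounded read for the error path described above, as an added example that is not OpenClaw's code or its patch. It assumes Node.js 18+ and a fetch-style `Response`; `readErrorBodyCapped`, `MAX_ERROR_BODY_BYTES`, and the sample responses are hypothetical names and constructed inputs.

```javascript
// Added example, not OpenClaw source. Assumes Node.js 18+ (global Response, ReadableStream).
const MAX_ERROR_BODY_BYTES = 8 * 1024; // hypothetical cap for diagnostic text

// Keep at most maxBytes of the body, then cancel the stream so the remainder
// is never buffered (unlike an unbounded `await response.text()`).
// Content-Length is not consulted: the remote server controls it.
async function readErrorBodyCapped(response, maxBytes = MAX_ERROR_BODY_BYTES) {
  if (!response.body) return { text: "", bytesKept: 0, truncated: false };
  const reader = response.body.getReader();
  const buf = new Uint8Array(maxBytes);
  let kept = 0;
  let truncated = false;
  try {
    while (!truncated) {
      const { done, value } = await reader.read();
      if (done) break;
      const room = maxBytes - kept;
      buf.set(value.subarray(0, room), kept);
      kept += Math.min(value.byteLength, room);
      truncated = value.byteLength > room;
    }
  } finally {
    if (truncated) await reader.cancel().catch(() => {});
    else reader.releaseLock();
  }
  // A cut multi-byte sequence decodes to U+FFFD; acceptable for diagnostics.
  const text = new TextDecoder().decode(buf.subarray(0, kept));
  return { text, bytesKept: kept, truncated };
}

// Constructed sample: a 502 whose body would be 64 MiB if read to the end.
function makeOversizedErrorResponse(stats) {
  const body = new ReadableStream({
    pull(controller) {
      if (stats.chunksProduced >= 1024) return controller.close();
      stats.chunksProduced += 1;
      controller.enqueue(new Uint8Array(64 * 1024).fill(0x41));
    },
  });
  return new Response(body, { status: 502 });
}

async function demo() {
  const stats = { chunksProduced: 0 };
  const big = await readErrorBodyCapped(makeOversizedErrorResponse(stats));
  const small = await readErrorBodyCapped(new Response("upstream unavailable", { status: 503 }));
  return { big, small, chunksProduced: stats.chunksProduced };
}
```

`demo()` resolves with the capped result for the oversized body, the untouched short body, and the number of chunks the constructed source was asked to produce before cancellation.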
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| openclaw (npm) | < 2026.3.22 | 2026.3.22 |
References
- github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87 (nvd; Patch; WEB)
- github.com/openclaw/openclaw/commit/81445a901091a5d27ef0b56fceedbe4724566438 (nvd; Patch; WEB)
- github.com/advisories/GHSA-4qwc-c7g9-4xcw (ghsa; ADVISORY)
- github.com/openclaw/openclaw/security/advisories/GHSA-4qwc-c7g9-4xcw (nvd; Vendor Advisory; WEB)
- nvd.nist.gov/vuln/detail/CVE-2026-35633 (ghsa; ADVISORY)
- www.vulncheck.com/advisories/openclaw-unbounded-memory-allocation-via-remote-media-error-responses (nvd; Third Party Advisory; WEB)