What is CVE-2026-32049?

CVE-2026-32049 is a high-severity vulnerability in Openclaw, classified under Allocation of Resources Without Limits or Throttling. CVSS score: 7.5/10. Published 2026-03-21.

How severe is CVE-2026-32049?

High severity. CVSS v3 base score is 7.5 out of 10.

Resource exhaustion in Openclaw

CVE-2026-32049

OpenClaw versions prior to 2026.2.22 fail to consistently enforce configured inbound media byte limits before buffering remote media across multiple channel ingestion paths. Remote attackers can send oversized media payloads to trigger ele…

EPSS: 0.002 (39.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.

Affected products

Openclaw — versions 0, 2026.2.22

Weakness classification (CWE)

CWE-770 — Allocation of Resources Without Limits or Throttling

References

GitHub Security Advisory (GHSA-rxxp-482v-7mrh) (third-party-advisory)
Patch Commit (patch)
VulnCheck Advisory: OpenClaw < 2026.2.22 - Denial of Service via Inbound Media Download Byte Limit Bypass (third-party-advisory)

Frequently asked questions

What is CVE-2026-32049?: CVE-2026-32049 is a high-severity vulnerability in Openclaw, classified under Allocation of Resources Without Limits or Throttling. CVSS score: 7.5/10. Published 2026-03-21.
How severe is CVE-2026-32049?: High severity. CVSS v3 base score is 7.5 out of 10.