CVE-2026-29609 Overview
CVE-2026-29609 is a denial of service vulnerability affecting OpenClaw versions prior to 2026.2.14. The vulnerability exists in the fetchWithGuard function, which allocates entire response payloads in memory before enforcing maxBytes limits. This design flaw allows remote attackers to trigger memory exhaustion by serving oversized responses without content-length headers, resulting in availability loss for affected systems.
Critical Impact
Remote attackers can cause complete service unavailability by exhausting server memory through unbounded URL-backed media fetches, requiring no authentication or user interaction.
Affected Products
- OpenClaw versions prior to 2026.2.14
Discovery Timeline
- 2026-03-05 - CVE-2026-29609 published to NVD
- 2026-03-05 - Last updated in NVD database
Technical Details for CVE-2026-29609
Vulnerability Analysis
This vulnerability is classified under CWE-770 (Allocation of Resources Without Limits or Throttling). The core issue stems from improper resource management in the media fetching functionality. When OpenClaw processes URL-backed media requests, the fetchWithGuard function retrieves the entire response payload into memory before checking whether it exceeds the configured maxBytes limit.
An attacker exploiting this vulnerability can craft a malicious server that streams data without providing a Content-Length header. Since the size validation occurs after the data has already been allocated in memory, the application continues consuming memory until either the malicious stream ends or the system's memory is exhausted. This creates a network-based denial of service attack vector that requires no authentication and no user interaction.
Root Cause
The root cause is the absence of streaming-aware size enforcement in the fetchWithGuard function. The original implementation trusted the remote server to provide accurate content-length information or accumulated the entire payload before performing bounds checking. This violates the principle of fail-fast resource validation, where resource limits should be enforced incrementally during data acquisition rather than after complete allocation.
Attack Vector
The attack leverages network-accessible media fetch functionality. An attacker can:
- Host a malicious HTTP server that responds without Content-Length headers
- Trigger OpenClaw to fetch media from the attacker-controlled URL
- Stream an arbitrarily large response payload
- Exhaust server memory before any size limits are enforced
The attack requires no privileges and can be executed remotely against any OpenClaw instance that processes external media URLs.
The security patch introduces proper payload size estimation and validation before memory allocation:
function estimateBase64DecodedBytes(base64: string): number {
const cleaned = base64.trim().replace(/\s+/g, "");
if (!cleaned) {
return 0;
}
const padding = cleaned.endsWith("==") ? 2 : cleaned.endsWith("=") ? 1 : 0;
const estimated = Math.floor((cleaned.length * 3) / 4) - padding;
return Math.max(0, estimated);
}
function rejectOversizedBase64Payload(params: {
data: string;
maxBytes: number;
label: "Image" | "File";
}): void {
const estimated = estimateBase64DecodedBytes(params.data);
if (estimated > params.maxBytes) {
throw new Error(
`${params.label} too large: ${estimated} bytes (limit: ${params.maxBytes} bytes)`,
);
}
}
Source: GitHub Commit Update
Detection Methods for CVE-2026-29609
Indicators of Compromise
- Sudden memory consumption spikes in OpenClaw service processes
- Multiple outbound HTTP requests to unusual or unknown external URLs
- Application crashes or out-of-memory errors in OpenClaw logs
- Network connections with large inbound data transfers lacking Content-Length headers
Detection Strategies
- Monitor system memory utilization and set alerts for abnormal consumption patterns in OpenClaw processes
- Implement network-level monitoring to detect unusually large HTTP responses directed at the application
- Configure logging to capture all external URL fetch operations with their response sizes
- Deploy application performance monitoring to detect extended fetch operations that exceed normal thresholds
Monitoring Recommendations
- Enable detailed access logging for all media fetch operations in OpenClaw
- Set up automated alerts when memory usage exceeds baseline thresholds by significant margins
- Monitor for process restarts or crashes that may indicate memory exhaustion events
- Track external URL requests and correlate with memory utilization metrics
How to Mitigate CVE-2026-29609
Immediate Actions Required
- Upgrade OpenClaw to version 2026.2.14 or later immediately
- If immediate upgrade is not possible, restrict external URL fetching capabilities
- Implement network-level controls to limit inbound response sizes from external sources
- Review and restrict which external domains OpenClaw is permitted to fetch media from
Patch Information
The vulnerability is addressed in OpenClaw version 2026.2.14. The fix implements proactive payload size estimation using the estimateBase64DecodedBytes function and validates sizes through rejectOversizedBase64Payload before memory allocation occurs. The patch is available via the GitHub Commit Update. Additional details are documented in the GitHub Security Advisory.
Workarounds
- Disable or restrict URL-backed media fetching functionality if not required for operations
- Deploy a reverse proxy or web application firewall to enforce response size limits on external requests
- Implement network segmentation to limit OpenClaw's ability to connect to arbitrary external hosts
- Configure operating system-level memory limits (cgroups, ulimit) for the OpenClaw process to contain potential exhaustion
# Example: Configure memory limits using systemd service override
# Create /etc/systemd/system/openclaw.service.d/limits.conf
[Service]
MemoryMax=2G
MemoryHigh=1.5G
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
