CVE-2026-29612 MEDIUM

CVE-2026-29612: OpenClaw < 2026.2.14 - Denial of Service via Large Base64 Media File Decoding

Vendor Openclaw
Product OpenClaw
Weakness CWE-770 · Uncontrolled resource consumption
Published March 5, 2026
Last update March 9, 2026

CVSS base score

6.8/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01 Description

OpenClaw versions prior to 2026.2.14 decode base64-backed media inputs into buffers before enforcing decoded-size budget limits, allowing attackers to trigger large memory allocations. Remote attackers can supply oversized base64 payloads to cause memory pressure and denial of service.
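The ordering problem described above, sketched in Node.js as an added example: this is not OpenClaw's code, and the function names, the 1024-byte budget and the sample inputs are assumptions constructed for illustration. It derives an upper bound on the decoded size from the encoded length alone, so an oversized input is rejected before any decode buffer is allocated.

```javascript
// Added example, not OpenClaw source. All names and the budget value are assumptions.
const MAX_DECODED_BYTES = 1024; // constructed budget, small so the demo is cheap

// Upper bound on the decoded size, computed from the encoded length only.
// Every 4 base64 characters carry at most 3 bytes; trailing '=' carry none.
// Whitespace or stray characters only make this an overestimate, which is safe.
function maxDecodedBytes(b64) {
  let pad = 0;
  if (b64.endsWith('==')) pad = 2;
  else if (b64.endsWith('=')) pad = 1;
  return Math.floor(((b64.length - pad) * 3) / 4);
}

// Order described in the CVE text: the buffer is allocated first, so the
// size limit only fires after the memory has already been committed.
function decodeThenCheck(b64, maxBytes = MAX_DECODED_BYTES) {
  const buf = Buffer.from(b64, 'base64');
  if (buf.length > maxBytes) throw new RangeError('over budget (checked after decode)');
  return buf;
}

// Corrected order: reject on the estimate, decode only inputs that fit.
function checkThenDecode(b64, maxBytes = MAX_DECODED_BYTES) {
  if (typeof b64 !== 'string') throw new TypeError('expected a base64 string');
  if (maxDecodedBytes(b64) > maxBytes) {
    throw new RangeError('over budget (rejected before decode)');
  }
  const buf = Buffer.from(b64, 'base64');
  // The estimate is an upper bound, so this re-check is defence in depth.
  if (buf.length > maxBytes) throw new RangeError('over budget (checked after decode)');
  return buf;
}

// Constructed inputs: one small media payload, one that decodes to 3000 bytes.
const smallInput = Buffer.from('tiny media payload').toString('base64');
const oversizedInput = 'A'.repeat(4000);

// Runs a decoder and reports the outcome instead of throwing.
function tryDecode(fn, input) {
  try { return { ok: true, bytes: fn(input).length }; }
  catch (err) { return { ok: false, reason: err.message }; }
}

console.log(tryDecode(checkThenDecode, smallInput));
console.log(tryDecode(decodeThenCheck, oversizedInput));
console.log(tryDecode(checkThenDecode, oversizedInput));
```

The encoded string is already in memory by the time either function runs, so a limit on the encoded input at the point where it is received is still needed alongside this check.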

Key dates

02 Disclosure timeline

March 5, 2026 CVE published
March 9, 2026 Record updated