OpenClaw before 2026.3.31 contains a decompression bomb...
High severity
Unreviewed
Published
Apr 24, 2026
to the GitHub Advisory Database
•
Updated Apr 24, 2026
Description
Published by the National Vulnerability Database
Apr 23, 2026
Published to the GitHub Advisory Database
Apr 24, 2026
Last updated
Apr 24, 2026
OpenClaw before 2026.3.31 contains a decompression bomb vulnerability in image processing that fails to properly enforce pixel-limit guards on sips. Attackers can exploit this by uploading oversized images to cause denial of service through excessive memory consumption.
References