CVE-2026-28394
MEDIUM6.5EPSS 0.19%OpenClaw has a Web Fetch DoS via unbounded response parsing
描述
### Summary The `web_fetch` tool could be used to crash the OpenClaw Gateway process (OOM / resource exhaustion) by fetching and attempting to parse attacker-controlled web pages with oversized response bodies or pathological HTML nesting. ### Affected Packages / Versions - Package: `openclaw` (npm) - Affected versions: `<= 2026.2.14` - Fixed versions: `>= 2026.2.15` ### Impact An attacker can social-engineer a user (or any automation that uses `web_fetch`) into fetching a malicious URL that returns extremely large or deeply nested HTML. The Gateway may exhaust memory or become unresponsive, causing a denial of service. ### Fix The Gateway now caps the downloaded response body size before any HTML parsing and adds additional guards to avoid running Readability/DOM parsing on pathological HTML. ### Fix Commit(s) - 166cf6a3e04c7df42bea70a7ad5ce2b9df46d147 ### Release Process Note This advisory is prepared for the next npm release. Once `[email protected]` is published, publish this advisory without further edits. Thanks @xuemian168 for reporting.
受影響套件(1)
- npm/openclawfrom 0, < 2026.2.15
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM6.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |