CVE-2026-62210 in OpenClawinfo

Summary

by MITRE • 07/17/2026

OpenClaw versions before 2026.6.1 contain a denial of service vulnerability where remote media URLs can trigger slow-read attacks that exhaust gateway worker resources. Attackers with access to configured input paths can supply remote media URLs that consume gateway resources and reduce availability.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Analysis

by VulDB Data Team • 07/17/2026

The OpenClaw software platform presents a significant denial of service vulnerability affecting versions prior to 2026.6.1, where maliciously crafted remote media URLs can trigger slow-read attacks that systematically exhaust gateway worker resources. This vulnerability stems from inadequate input validation and resource management within the media processing pipeline, allowing attackers to exploit the system's handling of external media sources through configured input paths.

The technical flaw manifests when the system processes remote media URLs without proper resource limiting mechanisms or timeout controls. When an attacker submits a malicious URL pointing to a remote media source, the gateway worker threads become engaged in reading data at a deliberately slow pace, consuming available connections and processing power. This slow-read attack pattern specifically targets the HTTP client implementation within OpenClaw's media ingestion layer, where network read operations are not properly bounded by time or data constraints.

The operational impact of this vulnerability extends beyond simple service disruption to create cascading resource exhaustion across the gateway infrastructure. As worker threads become tied up in slow data reads, legitimate requests cannot be processed effectively, leading to reduced system availability and potential complete service degradation. The vulnerability is particularly dangerous because it can be exploited by attackers who already have access to configured input paths, making it difficult to distinguish between legitimate and malicious traffic without proper monitoring.

This vulnerability aligns with CWE-400, which covers unspecified denial of service conditions in software systems, and represents a specific implementation weakness in resource management. The attack pattern follows techniques described in MITRE ATT&CK tactic TA0040 (Resource Exhaustion) where adversaries consume system resources to deny service to legitimate users. The issue particularly affects systems with limited gateway worker capacity, where a single malicious request can effectively bring the entire media processing pipeline to a halt.

Mitigation strategies should focus on implementing strict timeout mechanisms for all remote media URL processing, establishing maximum data read limits per connection, and deploying rate limiting controls for input path access. System administrators should configure resource quotas for individual worker threads and implement monitoring solutions that detect anomalous slow-read patterns. Additionally, input validation should be strengthened to reject URLs from untrusted domains or those lacking proper security headers, while network-level firewalls can be configured to limit concurrent connections from suspicious sources. Regular security assessments should verify that all remote media processing components properly handle malformed or malicious inputs without consuming excessive system resources.

Responsible

VulnCheck

Reservation

07/13/2026

Disclosure

07/17/2026

Moderation

accepted

CPE

ready

EPSS

0.00000

KEV

no

Activities

very low

Sources

Do you want to use VulDB in your project?

Use the official API to access entries easily!