OpenClaw Denial-of-Service Vulnerability in Web Fetch Tool
Vulnerability
A denial-of-service vulnerability has been identified in OpenClaw versions prior to 2026.2.15. The issue resides in the web_fetch tool, where attackers can cause the Gateway process to crash by exhausting its memory. The exhaustion is triggered when the tool parses an oversized or deeply nested HTML response. Remote attackers may social-engineer users into fetching malicious URLs that exploit this vulnerability, leading to service unavailability.
Impact
Exploitation of this vulnerability can cause the OpenClaw Gateway process to crash or become unresponsive, leading to a denial-of-service condition.
Reproduction
The vulnerability can be reproduced by using the web_fetch tool to fetch a URL that returns a large or deeply nested HTML response. This can be done manually or by automating the process, such as through a browser extension that simulates user interactions.
Remediation
Users can update to OpenClaw version 2026.2.15 or later, where this vulnerability has been patched.
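To illustrate the class of guard a fetch tool needs against the two inputs this advisory names, oversized bodies and deeply nested markup, here is an added example. It is not OpenClaw's code and does not describe how the 2026.2.15 patch works; the byte and depth limits, the function names and the sample response chunks are all assumptions constructed for the example. It runs under Node.js, where Buffer is a global.

```javascript
// Added example (not OpenClaw's code): bound a fetched HTML body before it
// reaches a real HTML parser, by capping bytes while the body is read and
// capping tag nesting depth in a single cheap pre-scan.

const DEFAULT_MAX_BYTES = 1024 * 1024; // 1 MiB of body; assumed limit
const DEFAULT_MAX_DEPTH = 512;         // tag nesting depth; assumed limit

// HTML void elements never receive a closing tag, so they must not add depth.
const VOID_ELEMENTS = new Set([
  'area', 'base', 'br', 'col', 'embed', 'hr', 'img', 'input', 'link',
  'meta', 'param', 'source', 'track', 'wbr',
]);

// Accumulate body chunks (Buffer or string), aborting as soon as the running
// total exceeds maxBytes. Checking the running total rather than a declared
// Content-Length means a server cannot lie its way past the cap.
function readBodyCapped(chunks, maxBytes) {
  const parts = [];
  let total = 0;
  for (const chunk of chunks) {
    const buf = Buffer.isBuffer(chunk) ? chunk : Buffer.from(chunk, 'utf8');
    total += buf.length;
    if (total > maxBytes) {
      return { ok: false, reason: 'size', bytes: total };
    }
    parts.push(buf);
  }
  return { ok: true, body: Buffer.concat(parts).toString('utf8') };
}

// Conservative single-pass depth estimate: each opening tag that is neither
// self-closing nor a void element increments depth, each closing tag
// decrements it. The scan stops the moment maxDepth is exceeded, so work is
// bounded by the limit, not by the size of the input. Tags inside comments or
// <script> bodies are counted as well; that can only over-estimate depth.
function maxNestingDepth(html, maxDepth) {
  const tagRe = /<(\/?)([a-zA-Z][\w:-]*)[^>]*?(\/?)>/g;
  let depth = 0;
  let peak = 0;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const [, closing, name, selfClose] = m;
    if (closing) {
      if (depth > 0) depth--;
      continue;
    }
    if (selfClose || VOID_ELEMENTS.has(name.toLowerCase())) continue;
    depth++;
    if (depth > peak) peak = depth;
    if (depth > maxDepth) return { depth, exceeded: true };
  }
  return { depth: peak, exceeded: false };
}

// Apply both checks. Returns { ok: true, html, depth } for acceptable bodies
// and { ok: false, reason: 'size' | 'depth', ... } for rejected ones; the
// caller reports the reason to the user instead of parsing the body.
function fetchHtmlSafely(chunks, { maxBytes = DEFAULT_MAX_BYTES, maxDepth = DEFAULT_MAX_DEPTH } = {}) {
  const read = readBodyCapped(chunks, maxBytes);
  if (!read.ok) return read;
  const nesting = maxNestingDepth(read.body, maxDepth);
  if (nesting.exceeded) return { ok: false, reason: 'depth', depth: nesting.depth };
  return { ok: true, html: read.body, depth: nesting.depth };
}

// Constructed sample bodies standing in for streamed HTTP response chunks.
const BENIGN_CHUNKS = [
  '<html><head><title>ok</title></head>',
  '<body><p>Hello<br>world</p></body></html>',
];
const NESTED_CHUNKS = ['<div>'.repeat(5000) + 'x' + '</div>'.repeat(5000)];
const HUGE_CHUNKS = Array.from({ length: 20 }, () => 'a'.repeat(100000)); // 2 MB total

for (const [label, chunks] of [['benign', BENIGN_CHUNKS], ['nested', NESTED_CHUNKS], ['huge', HUGE_CHUNKS]]) {
  const result = fetchHtmlSafely(chunks);
  console.log(label, result.ok ? `accepted, depth ${result.depth}` : `rejected: ${result.reason}`);
}
```

The depth pre-scan is deliberately not a parser: it only needs to decide whether a document is safe to hand to the real parser, so over-counting is acceptable and under-counting is not. In a real tool the chunk iterable would be the HTTP response stream, and the cap would abort the request rather than just stop accumulating.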
