OpenClaw Resource Exhaustion Vulnerability in Media Downloads

Vulnerability

A resource exhaustion vulnerability has been identified in OpenClaw versions prior to 2026.3.31. The flaw allows attackers to bypass core safety limits on file size, file count, and cleanup operations during media downloads. As a result, disk space can be exhausted by downloading media files without triggering the intended safety restrictions, which degrades availability.

Impact

Exploitation of this vulnerability can cause disk space exhaustion, disrupting normal operations and potentially leading to application or system failures.

Reproduction

The vulnerability can be reproduced by downloading media files through the Tlon platform, which bypasses the application's built-in safety limits on file downloads. This can be done manually or through automated scripts that simulate the download process. The key is to download enough files to fill the available disk space, taking advantage of the fact that the application does not properly enforce file sizes or clean up after downloads.

Remediation

Users can update to OpenClaw version 2026.3.31 or later, where this vulnerability has been fixed.
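As an added illustration (not OpenClaw's own code), the hypothetical handler below shows how the three limits named in this advisory (per-file size, file count, and cleanup of partial files) can be enforced so that none of them depends on the downloaded content behaving; the class name, the default limits and the constructed sample chunks are assumptions for the demo.

```python
import os
import tempfile
from dataclasses import dataclass, field

class DownloadLimitError(Exception):
    pass

@dataclass
class MediaDownloader:
    dest_dir: str
    max_file_bytes: int = 10 * 1024 * 1024   # assumed defaults for the demo
    max_files: int = 100
    saved: list = field(default_factory=list)

    def save(self, name, chunks) -> str:
        # Count limit is checked before a single byte touches the disk.
        if len(self.saved) >= self.max_files:
            raise DownloadLimitError("file count limit reached")
        path = os.path.join(self.dest_dir, os.path.basename(name))
        tmp, written = path + ".part", 0
        try:
            with open(tmp, "wb") as fh:
                for chunk in chunks:
                    written += len(chunk)
                    # Size is counted on bytes actually received, never on a client-supplied header.
                    if written > self.max_file_bytes:
                        raise DownloadLimitError("file size limit exceeded")
                    fh.write(chunk)
            os.replace(tmp, path)
        except BaseException:
            if os.path.exists(tmp):   # cleanup: no partial file left behind
                os.remove(tmp)
            raise
        self.saved.append(path)
        return path

def run_demo() -> dict:
    dl = MediaDownloader(tempfile.mkdtemp(), max_file_bytes=16, max_files=1)
    out = {}
    try:
        dl.save("big.bin", [b"x" * 8, b"y" * 9])       # 17 bytes: rejected
    except DownloadLimitError as e:
        out["size"] = str(e)
    out["leftover"] = sorted(os.listdir(dl.dest_dir))  # no big.bin.part residue
    dl.save("ok.bin", [b"x" * 8, b"y" * 8])            # exactly at the cap
    try:
        dl.save("two.bin", [b"z"])                     # second file: rejected
    except DownloadLimitError as e:
        out["count"] = str(e)
    return out
```

Calling `run_demo()` returns the two rejection messages plus an empty `leftover` list, showing that the oversized download left no partial file on disk.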

Added: Apr 28, 2026, 8:48 PM
Updated: Apr 28, 2026, 8:48 PM

Vulnerability Rating

Custom Algorithm
  spread:          0.0
  impact:          2.5
  exploitability:  7.7
  remediation:     0.0
  relevance:       6.8
  threat:          4.8
  urgency:         2.9
  incentive:       0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.