GHSA-Q447-RJ3R-2CGH
Vulnerability from github – Published: 2026-02-18 00:53 – Updated: 2026-02-18 00:53
VLAI?
Summary
OpenClaw affected by denial of service via unbounded webhook request body buffering
Details
Summary
Multiple webhook handlers accepted and buffered request bodies without a strict unified byte/time limit. A remote unauthenticated attacker could send oversized payloads and cause memory pressure, degrading availability.
Details
Affected packages:
- openclaw (npm): <2026.2.12
- clawdbot (npm): <=2026.1.24-3
Root cause:
- Webhook code paths buffered request payloads without consistent maxBytes + timeoutMs enforcement.
- Some SDK-backed handlers parse request bodies internally and needed stream-level guards.
Attack shape: - Send very large JSON payloads or slow/incomplete uploads to webhook endpoints. - Observe elevated memory usage and request handler pressure.
Impact
Remote unauthenticated availability impact (DoS) via request body amplification/memory pressure.
Patch details (implemented)
- Added shared bounded request-body helper in
src/infra/http-body.ts. - Exported helper in
src/plugin-sdk/index.tsfor extension reuse. - Migrated webhook body readers to shared helper for:
- LINE
- Nextcloud Talk
- Google Chat
- Zalo
- BlueBubbles
- Nostr profile HTTP
- Voice-call
- Gateway hooks
- Added stream guards for SDK handlers that parse request bodies internally:
- Slack
- Telegram
- Feishu
- Added explicit Express JSON body limit handling for MS Teams webhook path.
- Standardized failure responses:
413 Payload Too Large408 Request Timeout
Tests
- Added regression tests:
src/infra/http-body.test.tssrc/line/monitor.read-body.test.tsextensions/nextcloud-talk/src/monitor.read-body.test.ts- Focused webhook/security test suite passes for patched paths.
Remediation
Upgrade to the first release containing this patch.
Credits
Thanks @vincentkoc for reporting.
Severity ?
7.5 (High)
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "openclaw"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2026.2.13"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "clawdbot"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "2026.1.24-3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-400"
],
"github_reviewed": true,
"github_reviewed_at": "2026-02-18T00:53:07Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "### Summary\nMultiple webhook handlers accepted and buffered request bodies without a strict unified byte/time limit. A remote unauthenticated attacker could send oversized payloads and cause memory pressure, degrading availability.\n\n### Details\nAffected packages:\n- `openclaw` (npm): `\u003c2026.2.12`\n- `clawdbot` (npm): `\u003c=2026.1.24-3`\n\nRoot cause:\n- Webhook code paths buffered request payloads without consistent `maxBytes` + `timeoutMs` enforcement.\n- Some SDK-backed handlers parse request bodies internally and needed stream-level guards.\n\nAttack shape:\n- Send very large JSON payloads or slow/incomplete uploads to webhook endpoints.\n- Observe elevated memory usage and request handler pressure.\n\n### Impact\nRemote unauthenticated availability impact (DoS) via request body amplification/memory pressure.\n\n### Patch details (implemented)\n- Added shared bounded request-body helper in `src/infra/http-body.ts`.\n- Exported helper in `src/plugin-sdk/index.ts` for extension reuse.\n- Migrated webhook body readers to shared helper for:\n - LINE\n - Nextcloud Talk\n - Google Chat\n - Zalo\n - BlueBubbles\n - Nostr profile HTTP\n - Voice-call\n - Gateway hooks\n- Added stream guards for SDK handlers that parse request bodies internally:\n - Slack\n - Telegram\n - Feishu\n- Added explicit Express JSON body limit handling for MS Teams webhook path.\n- Standardized failure responses:\n - `413 Payload Too Large`\n - `408 Request Timeout`\n\n### Tests\n- Added regression tests:\n - `src/infra/http-body.test.ts`\n - `src/line/monitor.read-body.test.ts`\n - `extensions/nextcloud-talk/src/monitor.read-body.test.ts`\n- Focused webhook/security test suite passes for patched paths.\n\n### Remediation\nUpgrade to the first release containing this patch.\n\n## Credits\nThanks @vincentkoc for reporting.",
"id": "GHSA-q447-rj3r-2cgh",
"modified": "2026-02-18T00:53:07Z",
"published": "2026-02-18T00:53:07Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-q447-rj3r-2cgh"
},
{
"type": "PACKAGE",
"url": "https://github.com/openclaw/openclaw"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "OpenClaw affected by denial of service via unbounded webhook request body buffering"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…