CVE-2026-62210
Received Received - Intake

Denial of Service via Slow-Read in OpenClaw

Vulnerability report for CVE-2026-62210, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-17

Last updated on: 2026-07-17

Assigner: VulnCheck

Description

OpenClaw versions before 2026.6.1 contain a denial of service vulnerability where remote media URLs can trigger slow-read attacks that exhaust gateway worker resources. Attackers with access to configured input paths can supply remote media URLs that consume gateway resources and reduce availability.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-17
Last Modified
2026-07-17
Generated
2026-07-17
AI Q&A
2026-07-17
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
openclaw openclaw to 2026.6.1 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-770 The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-62210 is a denial of service vulnerability in OpenClaw versions before 2026.6.1. It allows remote media URLs to trigger slow-read attacks that exhaust gateway worker resources, reducing system availability. The issue occurs when attackers with access to configured input paths supply remote media URLs that consume resources.

Detection Guidance

Monitor network traffic for unusually high resource usage by OpenClaw workers. Check logs for slow-read attacks targeting remote media URLs. Use system monitoring tools like top, htop, or netstat to observe resource consumption spikes in OpenClaw processes.

Impact Analysis

This vulnerability can lead to reduced system availability due to resource exhaustion. Attackers may cause slow-read attacks that consume gateway worker resources, potentially making the system unresponsive or unavailable for legitimate users.

Compliance Impact

This vulnerability primarily impacts system availability by allowing denial of service attacks through resource exhaustion. While it does not directly affect data confidentiality or integrity, reduced availability could impact compliance with standards requiring timely data access or system uptime, such as GDPR's data processing requirements or HIPAA's availability standards.

Mitigation Strategies

Upgrade OpenClaw to version 2026.6.1 or later. Restrict access to the affected feature to trusted operators only. Disable the remote media URL feature if not required. Monitor system resources closely for signs of resource exhaustion.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-62210. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart