GHSA-q447-rj3r-2cgh: OpenClaw affected by denial of service via unbounded webhook request body buffering
Multiple webhook handlers accepted and buffered request bodies without a strict unified byte/time limit. A remote unauthenticated attacker could send oversized payloads and cause memory pressure, degrading availability.
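The mitigation this description implies, one byte limit and one deadline applied to every webhook body read, can look like the following Node.js helper. This is an added example, not OpenClaw's code or its actual fix; the names `readBodyLimited` and `BodyLimitError`, the default limits and the 413/408 status codes are assumptions.

```javascript
// Added example: not OpenClaw code. Names, limits and status codes are assumptions.
class BodyLimitError extends Error {
  constructor(statusCode, message) { super(message); this.statusCode = statusCode; }
}

// Unbounded pattern (for contrast): every byte the client sends is kept in memory.
//   req.on("data", (c) => chunks.push(c));
//   req.on("end", () => handle(Buffer.concat(chunks)));

// Bounded reader for a Node.js Readable such as http.IncomingMessage.
// On rejection the caller should answer with err.statusCode and close the connection.
function readBodyLimited(req, { maxBytes = 1024 * 1024, timeoutMs = 10000 } = {}) {
  return new Promise((resolve, reject) => {
    // Early rejection when the client declares an oversized body.
    const declared = Number(req.headers?.["content-length"]);
    if (Number.isFinite(declared) && declared > maxBytes) {
      req.pause();
      return reject(new BodyLimitError(413, "declared body exceeds limit"));
    }
    const chunks = [];
    let received = 0;
    let settled = false;
    let timer = null;
    const finish = (err, body) => {
      if (settled) return;
      settled = true;
      clearTimeout(timer);
      if (err) {
        chunks.length = 0; // release what was buffered so far
        req.pause(); // stop pulling further data from the socket
        reject(err);
      } else {
        resolve(body);
      }
    };
    // One deadline for the whole body, so a slow trickle cannot pin buffers.
    timer = setTimeout(() => finish(new BodyLimitError(408, "body read timed out")), timeoutMs);
    req.on("data", (chunk) => {
      if (settled) return;
      received += chunk.length;
      // Content-Length may be absent (chunked) or wrong, so count real bytes.
      if (received > maxBytes) return finish(new BodyLimitError(413, "body exceeds limit"));
      chunks.push(chunk);
    });
    req.on("end", () => finish(null, Buffer.concat(chunks)));
    req.on("error", (err) => finish(err));
  });
}
```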