GHSA-rxxp-482v-7mrh: OpenClaw's inbound media downloads could exceed configured byte limits before rejection across multiple channels

March 2, 2026

OpenClaw did not consistently enforce configured inbound media byte limits before buffering remote media in several channel ingestion paths. A remote sender could trigger oversized downloads and memory pressure before rejection.

References

github.com/advisories/GHSA-rxxp-482v-7mrh
github.com/openclaw/openclaw
github.com/openclaw/openclaw/commit/73d93dee64127a26f1acd09d0403b794cdeb4f5c
github.com/openclaw/openclaw/security/advisories/GHSA-rxxp-482v-7mrh

Code Behaviors & Features

Detect and mitigate GHSA-rxxp-482v-7mrh with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →