CVE-2026-28452
📋 TL;DR
OpenClaw versions before 2026.2.14 contain a denial of service vulnerability where attackers can send malicious ZIP or TAR archives during install/update operations, causing excessive CPU, memory, and disk resource consumption. This affects all OpenClaw users performing archive extraction operations, potentially leading to service degradation or system unavailability.
💻 Affected Systems
- OpenClaw
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete system unavailability due to resource exhaustion, requiring system reboot and service restoration.
Likely Case
Service degradation with slow performance, failed operations, and potential service interruptions.
If Mitigated
Minimal impact with proper input validation and resource limits in place.
🎯 Exploit Status
Exploitation requires providing malicious archives to the vulnerable function, which is straightforward for attackers.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2026.2.14 and later
Vendor Advisory: https://github.com/openclaw/openclaw/security/advisories/GHSA-h89v-j3x9-8wqj
Restart Required: Yes
Instructions:
1. Update OpenClaw to version 2026.2.14 or later.
2. Restart the OpenClaw service.
3. Verify the update was successful.
🔧 Temporary Workarounds
Implement archive size limits
Configure maximum archive size limits before extraction to prevent resource exhaustion.
# Configure in application settings or use system limits
Disable archive extraction from untrusted sources
Restrict archive extraction to trusted, verified sources only.
# Implement source validation in archive processing
🧯 If You Can't Patch
- Implement strict input validation for archive files before processing
- Monitor system resources and set up alerts for abnormal CPU/memory/disk usage
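One way to apply the archive size limit and the pre-processing input validation recommended above, as an added example that is not OpenClaw's own code: measure a ZIP or TAR in memory against a resource budget before anything is extracted, so an archive that would inflate to far more than it declares, or that carries thousands of entries, is rejected up front. The budget constants, the `measure_zip`/`measure_tar` helpers and the `build_zip` fixture are constructed for illustration.

```python
import io
import tarfile
import zipfile

# Constructed illustrative budget, not OpenClaw's real configuration.
MAX_ENTRIES = 1000
MAX_TOTAL_BYTES = 8 * 1024 * 1024  # 8 MiB of uncompressed output


class ArchiveBudgetExceeded(ValueError):
    pass


def measure_zip(data: bytes) -> int:
    """Inflate each entry in chunks, discarding output, and abort once the total
    exceeds the budget; declared sizes only serve as an early reject."""
    total = 0
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        infos = zf.infolist()
        if len(infos) > MAX_ENTRIES:
            raise ArchiveBudgetExceeded(f"{len(infos)} entries > {MAX_ENTRIES}")
        if sum(i.file_size for i in infos) > MAX_TOTAL_BYTES:
            raise ArchiveBudgetExceeded("declared uncompressed size exceeds budget")
        for info in infos:
            with zf.open(info) as member:
                while chunk := member.read(65536):
                    total += len(chunk)
                    if total > MAX_TOTAL_BYTES:
                        raise ArchiveBudgetExceeded(f"{info.filename}: output too large")
    return total


def measure_tar(data: bytes) -> int:
    """Stream TAR headers ('r|*' handles gzip/bz2/xz) and sum what extraction would write."""
    total = entries = 0
    with tarfile.open(fileobj=io.BytesIO(data), mode="r|*") as tf:
        for member in tf:
            entries += 1
            total += member.size
            if entries > MAX_ENTRIES or total > MAX_TOTAL_BYTES:
                raise ArchiveBudgetExceeded(f"{member.name}: archive exceeds budget")
    return total


def build_zip(files: dict) -> bytes:
    """Constructed test fixture: in-memory DEFLATE zip from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in files.items():
            zf.writestr(name, content)
    return buf.getvalue()
```

Run the measurement before `extractArchive` (or its equivalent) and treat `ArchiveBudgetExceeded` as a hard reject; logging the rejection also gives the resource-exhaustion indicator listed under Detection & Monitoring.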
🔍 How to Verify
Check if Vulnerable:
Check the OpenClaw version: if it is lower than 2026.2.14, the system is vulnerable.
Check Version:
openclaw --version or check package manager
Verify Fix Applied:
Verify OpenClaw version is 2026.2.14 or later and test archive extraction with known safe archives.
📡 Detection & Monitoring
Log Indicators:
- High CPU/memory usage during archive extraction
- Failed archive extraction operations
- System resource exhaustion warnings
Network Indicators:
- Large archive file uploads to OpenClaw endpoints
- Multiple archive upload attempts
SIEM Query:
source="openclaw" AND ("extractArchive" OR "archive extraction") AND (cpu_usage>90 OR memory_usage>90)
🔗 References
- https://github.com/openclaw/openclaw/commit/5f4b29145c236d124524c2c9af0f8acd048fbdea
- https://github.com/openclaw/openclaw/commit/d3ee5deb87ee2ad0ab83c92c365611165423cb71
- https://github.com/openclaw/openclaw/security/advisories/GHSA-h89v-j3x9-8wqj
- https://www.vulncheck.com/advisories/openclaw-denial-of-service-via-unguarded-archive-extraction-in-extractarchive