Source: GitHub Security Advisories

[openclaw] OpenClaw's inbound media downloads could exceed configured byte limits before rejection across multiple channels

By GitHub
March 3, 2026

**Summary**

OpenClaw did not consistently enforce configured inbound media byte limits before buffering remote media in several channel ingestion paths. A remote sender could trigger oversized downloads and memory pressure before rejection.

**Affected Packages / Versions**

- Package: openclaw (npm)
- Affected versions: <= 2026.2.21-2 (latest published at triage time)
- Fixed in: 2026.2.22 (planned next release)

**Impact**

An attacker could cause elevated memory usage and potential process instability (denial of service) by sending oversized media payloads.

**Fix Commit(s)**

- 73d93dee64127a26f1acd09d0403b794cdeb4f5c

**Release Process Note**

`patched_versions` is pre-set to the planned next release (2026.2.22). After that npm release is published, this advisory can be published without further version-field edits...
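The class of fix the summary describes, enforcing the byte limit while the body streams in rather than after it has been buffered, can be sketched as follows. This is an added example, not code from OpenClaw or from the fix commit; every name in it (`MediaTooLargeError`, `createCappedSink`, `checkDeclaredLength`, `fetchMediaCapped`) is hypothetical, and it assumes Node 18+.

```javascript
// Added example; all names here are hypothetical, not OpenClaw identifiers.
class MediaTooLargeError extends Error {
  constructor(seen, maxBytes) {
    super(`media exceeds limit: ${seen} > ${maxBytes} bytes`);
    this.name = "MediaTooLargeError";
  }
}

// Accumulates chunks but rejects the chunk that would cross the cap,
// so no more than maxBytes is ever held in memory.
function createCappedSink(maxBytes) {
  const chunks = [];
  let total = 0;
  return {
    push(chunk) {
      const next = total + chunk.byteLength;
      if (next > maxBytes) throw new MediaTooLargeError(next, maxBytes);
      chunks.push(chunk);
      total = next;
    },
    get buffered() { return total; },
    finish() { return Buffer.concat(chunks, total); },
  };
}

// Early reject on a declared Content-Length. The header can be absent or
// wrong, so the streaming check above is still the real enforcement.
function checkDeclaredLength(headerValue, maxBytes) {
  if (headerValue == null) return;
  const declared = Number(headerValue);
  if (Number.isFinite(declared) && declared > maxBytes) {
    throw new MediaTooLargeError(declared, maxBytes);
  }
}

// Assumes Node 18+ (global fetch, async-iterable response body).
async function fetchMediaCapped(url, maxBytes) {
  const controller = new AbortController();
  const res = await fetch(url, { signal: controller.signal });
  try {
    checkDeclaredLength(res.headers.get("content-length"), maxBytes);
    const sink = createCappedSink(maxBytes);
    for await (const chunk of res.body ?? []) sink.push(chunk);
    return sink.finish();
  } catch (err) {
    controller.abort(); // stop the transfer instead of draining the rest
    throw err;
  }
}
```

Routing every channel's ingestion path through one such helper is what makes the limit consistent; a cap applied only after the full body is in memory does not prevent the memory pressure described above.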
