{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-28452", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-02-27T19:17:10.435Z", "datePublished": "2026-03-05T21:59:29.679Z", "dateUpdated": "2026-03-09T16:55:24.088Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-05T22:27:54.609Z"}, "datePublic": "2026-02-15T00:00:00.000Z", "title": "OpenClaw < 2026.2.14 - Denial of Service via Unguarded Archive Extraction in extractArchive", "descriptions": [{"lang": "en", "value": "OpenClaw versions prior to 2026.2.14 contain a denial of service vulnerability in the extractArchive function within src/infra/archive.ts that allows attackers to consume excessive CPU, memory, and disk resources through high-expansion ZIP and TAR archives. Remote attackers can trigger resource exhaustion by providing maliciously crafted archive files during install or update operations, causing service degradation or system unavailability."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Allocation of Resources Without Limits or Throttling", "cweId": "CWE-770", "type": "CWE"}]}], "affected": [{"defaultStatus": "unaffected", "product": "OpenClaw", "vendor": "OpenClaw", "versions": [{"version": "0", "lessThan": "2026.2.14", "status": "affected", "versionType": "custom"}], "packageURL": "pkg:npm/openclaw"}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*", "versionEndExcluding": "2026.2.14"}]}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 6.7, "baseSeverity": "MEDIUM", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS"}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS"}], "references": [{"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-h89v-j3x9-8wqj", "name": "GitHub Security Advisory (GHSA-h89v-j3x9-8wqj)", "tags": ["vendor-advisory"]}, {"url": "https://github.com/openclaw/openclaw/commit/d3ee5deb87ee2ad0ab83c92c365611165423cb71", "name": "Patch Commit #1", "tags": ["patch"]}, {"url": "https://github.com/openclaw/openclaw/commit/5f4b29145c236d124524c2c9af0f8acd048fbdea", "name": "Patch Commit #2", "tags": ["patch"]}, {"name": "VulnCheck Advisory: OpenClaw < 2026.2.14 - Denial of Service via Unguarded Archive Extraction in extractArchive", "tags": ["third-party-advisory"], "url": "https://www.vulncheck.com/advisories/openclaw-denial-of-service-via-unguarded-archive-extraction-in-extractarchive"}], "x_generator": {"engine": "vulncheck"}, "credits": [{"lang": "en", "value": "Vincent Koc (@vincentkoc)", "type": "reporter"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-09T16:54:56.658918Z", "id": "CVE-2026-28452", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-09T16:55:24.088Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-28452", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-09T16:54:56.658918Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-09T16:55:19.071Z"}}], "cna": {"title": "OpenClaw < 2026.2.14 - Denial of Service via Unguarded Archive Extraction in extractArchive", "credits": [{"lang": "en", "type": "reporter", "value": "Vincent Koc (@vincentkoc)"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.7, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "ACTIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "OpenClaw", "product": "OpenClaw", "versions": [{"status": "affected", "version": "0", "lessThan": "2026.2.14", "versionType": "custom"}], "packageURL": "pkg:npm/openclaw", "defaultStatus": "unaffected"}], "datePublic": "2026-02-15T00:00:00.000Z", "references": [{"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-h89v-j3x9-8wqj", "name": "GitHub Security Advisory (GHSA-h89v-j3x9-8wqj)", "tags": ["vendor-advisory"]}, {"url": "https://github.com/openclaw/openclaw/commit/d3ee5deb87ee2ad0ab83c92c365611165423cb71", "name": "Patch Commit #1", "tags": ["patch"]}, {"url": "https://github.com/openclaw/openclaw/commit/5f4b29145c236d124524c2c9af0f8acd048fbdea", "name": "Patch Commit #2", "tags": ["patch"]}, {"url": "https://www.vulncheck.com/advisories/openclaw-denial-of-service-via-unguarded-archive-extraction-in-extractarchive", "name": "VulnCheck Advisory: OpenClaw < 2026.2.14 - Denial of Service via Unguarded Archive Extraction in extractArchive", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "vulncheck"}, "descriptions": [{"lang": "en", "value": "OpenClaw versions prior to 2026.2.14 contain a denial of service vulnerability in the extractArchive function within src/infra/archive.ts that allows attackers to consume excessive CPU, memory, and disk resources through high-expansion ZIP and TAR archives. Remote attackers can trigger resource exhaustion by providing maliciously crafted archive files during install or update operations, causing service degradation or system unavailability."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-770", "description": "Allocation of Resources Without Limits or Throttling"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*", "vulnerable": true, "versionEndExcluding": "2026.2.14"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-05T22:27:54.609Z"}}}, "cveMetadata": {"cveId": "CVE-2026-28452", "state": "PUBLISHED", "dateUpdated": "2026-03-09T16:55:24.088Z", "dateReserved": "2026-02-27T19:17:10.435Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2026-03-05T21:59:29.679Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "0F3079A3-9FBD-4E87-821D-5CAF0622C555", "versionEndExcluding": "2026.2.14", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "OpenClaw versions prior to 2026.2.14 contain a denial of service vulnerability in the extractArchive function within src/infra/archive.ts that allows attackers to consume excessive CPU, memory, and disk resources through high-expansion ZIP and TAR archives. Remote attackers can trigger resource exhaustion by providing maliciously crafted archive files during install or update operations, causing service degradation or system unavailability."}, {"lang": "es", "value": "Las versiones de OpenClaw anteriores a la 2026.2.14 contienen una vulnerabilidad de denegaci\u00f3n de servicio en la funci\u00f3n extractArchive dentro de src/infra/archive.ts que permite a los atacantes consumir recursos excesivos de CPU, memoria y disco a trav\u00e9s de archivos ZIP y TAR de alta expansi\u00f3n. Los atacantes remotos pueden desencadenar el agotamiento de recursos al proporcionar archivos comprimidos maliciosos durante las operaciones de instalaci\u00f3n o actualizaci\u00f3n, causando degradaci\u00f3n del servicio o indisponibilidad del sistema."}], "id": "CVE-2026-28452", "lastModified": "2026-03-09T18:30:09.077", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "disclosure@vulncheck.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2026-03-05T22:16:17.410", "references": [{"source": "disclosure@vulncheck.com", "tags": ["Patch"], "url": "https://github.com/openclaw/openclaw/commit/5f4b29145c236d124524c2c9af0f8acd048fbdea"}, {"source": "disclosure@vulncheck.com", "tags": ["Patch"], "url": "https://github.com/openclaw/openclaw/commit/d3ee5deb87ee2ad0ab83c92c365611165423cb71"}, {"source": "disclosure@vulncheck.com", "tags": ["Vendor Advisory", "Patch"], "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-h89v-j3x9-8wqj"}, {"source": "disclosure@vulncheck.com", "tags": ["Third Party Advisory"], "url": "https://www.vulncheck.com/advisories/openclaw-denial-of-service-via-unguarded-archive-extraction-in-extractarchive"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-770"}], "source": "disclosure@vulncheck.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,2026.2.14)"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "OpenClaw", "source": "cna", "vendor": "OpenClaw"}, "product": "openclaw", "vendor": "openclaw"}], "analysis": {"en": {"generated_at": "2026-04-17T12:37:55.441200+00:00", "value": {"mitigation_remediation": ["Upgrade to OpenClaw 2026.2.14 or later, which removes the unguarded archive extraction flaw.", "Disable automatic installation of unverified archives until the patch is applied, ensuring only signed or verified packages are processed.", "Configure resource limits or a watchdog on the extraction process to prevent system over\u2011utilization during archive unpacking."], "summary": {"action": "Patch", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "The affected product is OpenClaw, a Node.js application. Any installation of OpenClaw built from source or distributed binaries with a version older than 2026.2.14 is vulnerable. The vulnerability exists in the core archive extraction logic and is not limited to a particular operating system or deployment environment.", "description_and_impact": "OpenClaw versions earlier than 2026.2.14 allow attackers to trigger denial of service by feeding the program high\u2011expansion ZIP and TAR archives. The vulnerability resides in the extractArchive function in src/infra/archive.ts and enables the attacker to consume excessive CPU, memory, and disk resources, leading to service degradation or system unavailability. This is a classic instance of uncontrolled resource consumption, identified as CWE\u2011770.", "risk_and_exploitability": "The CVSS score of 6.7 indicates a moderate severity, while the EPSS score of less than 1% suggests a low but non\u2011zero likelihood of exploitation. The vulnerability is not listed in the CISA KEV catalog. Remote attackers can potentially exploit the flaw by embedding malicious archives in install or update operations, which are typically executed with elevated privileges. The attack vector is inferred to be remote, via the update mechanism, and would require the attacker to provide a crafted archive to the target system. Given the nature of the resource exhaustion, even a single successful exploit can render the service unavailable to legitimate users."}}}}, "created": "2026-03-06T15:00:31.266973+00:00", "updated": "2026-04-17T12:45:16.138303+00:00", "vendors": ["openclaw", "openclaw$PRODUCT$openclaw"]}