Vulnerability Details CVE-2026-42420
OpenClaw before 2026.4.8 contains improper input validation in base64 decode paths that allocate memory before enforcing decoded-size limits. Attackers can exploit multiple code paths to cause memory exhaustion or denial of service through crafted base64-encoded input.
Exploit prediction scoring system (EPSS) score
CVSS Severity
CVSS v3 Score 4.3