PULSE
EN VIVO44señales / 24h
FEED
ransomincransom reclama a Kyokuto Kaihatsu Kogyo · JP · Manufacturingransomnova reclama a Phi · Not Foundransomnova reclama a Digipro · Technologyransomnova reclama a Integrated Marketing Services · Business Servicesransomkrybit reclama a eitzchaim.com · IL · Not Foundransomkrybit reclama a formasuniversales.com · MX · Business Servicesransomkrybit reclama a rehabmalaysia.com · MY · Healthcareransomkrybit reclama a www.lagus.cz · CZ · Business Servicesransomgunra reclama a Dissinger and Dissinger Law Firm · US · Business Servicesransomplay reclama a Boston Electric and Telephone · US · Telecommunicationransomplay reclama a Wring Group · GB · Not Foundransomincransom reclama a asa-international.com · GB · Business Servicesransomplay reclama a AG Scholtes · NL · Manufacturingransomplay reclama a Andorra Life · AD · Healthcareransomincransom reclama a Kyokuto Kaihatsu Kogyo · JP · Manufacturingransomnova reclama a Phi · Not Foundransomnova reclama a Digipro · Technologyransomnova reclama a Integrated Marketing Services · Business Servicesransomkrybit reclama a eitzchaim.com · IL · Not Foundransomkrybit reclama a formasuniversales.com · MX · Business Servicesransomkrybit reclama a rehabmalaysia.com · MY · Healthcareransomkrybit reclama a www.lagus.cz · CZ · Business Servicesransomgunra reclama a Dissinger and Dissinger Law Firm · US · Business Servicesransomplay reclama a Boston Electric and Telephone · US · Telecommunicationransomplay reclama a Wring Group · GB · Not Foundransomincransom reclama a asa-international.com · GB · Business Servicesransomplay reclama a AG Scholtes · NL · Manufacturingransomplay reclama a Andorra Life · AD · Healthcare
← Todos los CVEs
CVE Watch17 jul 2026

CVE-2026-62210

OpenClaw versions before 2026.6.1 contain a denial of service vulnerability where remote media URLs can trigger slow-read attacks that exhau

CVSS

6.5

Medio

EPSS

KEV

Exploit Today

0-100

Publicado: 17 jul 2026 · Última mod.: 17 jul 2026 · CWE-770

EPSS · 30d

Sin historial EPSS suficiente todavía.

Descripción técnica

OpenClaw versions before 2026.6.1 contain a denial of service vulnerability where remote media URLs can trigger slow-read attacks that exhaust gateway worker resources. Attackers with access to configured input paths can supply remote media URLs that consume gateway resources and reduce availability.

Referencias oficiales
CVEs relacionados
CVECVSSEPSSKEVRExplotTítuloVis.
CVE-2026-217107.5 ALT
97.8%
29A flaw in Node.js HTTP request handling causes an uncaught `TypeError` when a request is received with a header named `__proto__` and the application accesses `req.headersDistinct`. When this occurs, `dest["__proto__"]` resolves to `Object.prototype` rather than `undefined`, causing `.push()` to be called on a non-array. This exception is thrown synchronously inside a property getter and cannot be intercepted by `error` event listeners, meaning it cannot be handled without wrapping every `req.headersDistinct` access in a `try/catch`. * This vulnerability affects all Node.js HTTP servers on **20.x, 22.x, 24.x, and v25.x**2d
CVE-2026-261307.5 ALT
85.0%
25Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network.2d
CVE-2026-489337.5 ALT
84.9%
25A flaw in Node.js WebCrypto implementation can crash the process if the input of `subtle.encrypt()` is a multiple of 2GiB. This vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**.21h
CVE-2026-455917.5 ALT
82.4%
25Uncontrolled resource consumption in ASP.NET Core allows an unauthorized attacker to deny service over a network.2d
CVE-2021-366307.5 ALT
80.5%
24DDOS reflection amplification vulnerability in eAut module of Ruckus Wireless SmartZone controller that allows remote attackers to perform DOS attacks via crafted request.8d
CVE-2025-97847.5 ALT
80.2%
24A flaw was found in Undertow where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the "MadeYouReset" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts. While not a protocol bug, this highlights a common implementation weakness that can be exploited to cause a denial of service (DoS).17d