Description
OpenClaw is a personal AI assistant. In versions 2026.2.17 and below, the ACP bridge accepts very large prompt text blocks and can assemble oversized prompt payloads before forwarding them to chat.send. Because ACP runs over local stdio, this mainly affects local ACP clients (for example IDE integrations) that send unusually large inputs. This issue has been fixed in version 2026.2.19.
Published: 2026-02-21
Score: 4.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Uncontrolled Resource Consumption (potential DoS)
Action: Immediate Patch
AI Analysis

Impact

The OpenClaw ACP bridge does not enforce prompt size limits, allowing an attacker or user to construct an oversized prompt payload that is assembled before being sent to the chat service. This can overload local resources, cause significant performance degradation, and in extreme cases result in a denial‑of‑service for the local ACP client. The weakness is a classic uncontrolled resource consumption flaw (CWE‑400).

Affected Systems

The vulnerability affects the OpenClaw personal AI assistant, version 2026.2.17 and earlier, and is reachable through local ACP client integrations such as IDE plugins that communicate with the bridge over standard input/output streams.

Risk and Exploitability

The CVSS score of 4.8 indicates medium severity, while the EPSS score of less than 1% suggests a low likelihood of exploitation in the near term. The issue is not currently listed in the CISA KEV catalog. Because the vulnerable code path only exists for local clients, exploitation requires local access: either running a local OpenClaw process or having a user supply an unusually large prompt. The fix was introduced in the 2026.2.19 release, eliminating the size‑validation gap.

Generated by OpenCVE AI on April 17, 2026 at 16:47 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade OpenClaw to version 2026.2.19 or later to remove the missing prompt‑size checks.
  • If an upgrade cannot be performed, implement a client‑side or configuration‑based prompt size limitation to prevent overly large inputs from being transmitted.
  • Continuously monitor client performance metrics and logs for anomalous latency spikes or memory consumption associated with large prompt submissions.
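As an added illustration of the second recommendation (not OpenClaw's own code), the following Node.js snippet shows a guard that bounds each text block and the assembled prompt before anything is concatenated, so an oversized payload is rejected rather than built; the limit values, function names and the {type, text} block shape are assumptions.

```javascript
// Added example: a size guard for ACP-style prompt blocks before assembly.
// Not OpenClaw code; limits, names and the {type, text} block shape are assumed.
const DEFAULT_LIMITS = Object.freeze({
  maxBlocks: 64,               // assumed cap on text blocks per prompt
  maxBlockBytes: 64 * 1024,    // assumed cap on one text block (UTF-8 bytes)
  maxPromptBytes: 256 * 1024,  // assumed cap on the assembled prompt
});

class PromptTooLargeError extends Error {
  constructor(reason, observed, limit, index) {
    super(`prompt rejected: ${reason} limit exceeded (${observed} > ${limit})`);
    this.name = 'PromptTooLargeError';
    this.reason = reason;  // 'count' | 'block' | 'total', handy for logs and metrics
    this.index = index;    // offending block index (or block count for 'count')
  }
}

// Count bytes as they will be transmitted, not JS string length (UTF-16 units).
function utf8Length(text) {
  return Buffer.byteLength(text, 'utf8');
}

// Validate every block and the running total first; only then build the payload.
// Failing early means the oversized string is never materialised in memory.
function assemblePrompt(blocks, limits = DEFAULT_LIMITS) {
  if (!Array.isArray(blocks)) throw new TypeError('blocks must be an array');
  if (blocks.length > limits.maxBlocks) {
    throw new PromptTooLargeError('count', blocks.length, limits.maxBlocks, blocks.length);
  }
  let total = 0;
  blocks.forEach((block, i) => {
    if (!block || block.type !== 'text' || typeof block.text !== 'string') {
      throw new TypeError(`block ${i} is not a text block`);
    }
    const bytes = utf8Length(block.text);
    if (bytes > limits.maxBlockBytes) {
      throw new PromptTooLargeError('block', bytes, limits.maxBlockBytes, i);
    }
    total += bytes;
    if (total > limits.maxPromptBytes) {
      throw new PromptTooLargeError('total', total, limits.maxPromptBytes, i);
    }
  });
  // Safe to concatenate: the result is bounded by maxPromptBytes plus separators.
  return { text: blocks.map((b) => b.text).join('\n'), bytes: total };
}
```

The `reason` and `index` fields are what a client would log to satisfy the monitoring recommendation above.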

Generated by OpenCVE AI on April 17, 2026 at 16:47 UTC.

Advisories

Source: Github GHSA
ID: GHSA-cxpw-2g23-2vgw
Title: OpenClaw: ACP prompt-size checks missing in local stdio bridge could reduce responsiveness with very large inputs

History

Wed, 25 Feb 2026 16:15:00 +0000
  Metrics (ssvc) added: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 23 Feb 2026 20:45:00 +0000
  CPEs added: cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*
  Metrics (cvssV3_1) added: {'score': 4.0, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L'}

Mon, 23 Feb 2026 15:00:00 +0000
  First Time appeared: Openclaw; Openclaw openclaw
  Vendors & Products added: Openclaw; Openclaw openclaw

Sat, 21 Feb 2026 10:15:00 +0000
  Description added: OpenClaw is a personal AI assistant. In versions 2026.2.17 and below, the ACP bridge accepts very large prompt text blocks and can assemble oversized prompt payloads before forwarding them to chat.send. Because ACP runs over local stdio, this mainly affects local ACP clients (for example IDE integrations) that send unusually large inputs. This issue has been fixed in version 2026.2.19.
  Title added: OpenClaw: ACP prompt-size checks missing in local stdio bridge could reduce responsiveness with very large inputs
  Weaknesses added: CWE-400
  References added: (none shown)
  Metrics (cvssV4_0) added: {'score': 4.8, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-02-24T18:11:33.124Z

Reserved: 2026-02-20T17:40:28.449Z

Link: CVE-2026-27576

Vulnrichment

Updated: 2026-02-24T18:11:25.584Z

NVD

Status : Analyzed

Published: 2026-02-21T10:16:13.437

Modified: 2026-02-23T20:39:31.980

Link: CVE-2026-27576

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-17T17:00:10Z

Weaknesses