OpenClaw: Very Large Inputs Can Slow Down Local Conversations
CVE-2026-27576
GHSA-cxpw-2g23-2vgw
Summary
A bug in OpenClaw's local conversation system can cause it to slow down or become unresponsive when very large inputs are sent. This issue affects local ACP clients, such as IDE integrations, and can lead to increased model usage and costs. To fix this, OpenClaw developers will enforce a 2-megabyte limit on prompt text and improve error handling in the next release.
What to do
- Update steipete openclaw to version 2026.2.19.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| steipete | openclaw | <= 2026.2.17 | 2026.2.19 |
| openclaw | openclaw | <= 2026.2.17 | – |
Original title
OpenClaw: ACP prompt-size checks missing in local stdio bridge could reduce responsiveness with very large inputs
Original description
## Vulnerability
The ACP bridge accepted very large prompt text blocks and could assemble oversized prompt payloads before forwarding them to `chat.send`.
Because ACP runs over local stdio, this mainly affects local ACP clients (for example IDE integrations) that send unusually large inputs.
## Affected Packages / Versions
- Package: `openclaw` (npm)
- Affected versions: `<= 2026.2.17`
- Patched version: `2026.2.18` (planned next release)
## Impact
- Local ACP sessions may become less responsive when very large prompts are submitted
- Larger-than-expected model usage/cost when oversized text is forwarded
- No privilege escalation and no direct remote attack path in the default ACP model
## Affected Components
- `src/acp/event-mapper.ts`
- `src/acp/translator.ts`
## Remediation
- Enforce a 2 MiB prompt-text limit before concatenation
- Count inter-block newline separator bytes during pre-concatenation size checks
- Keep final outbound message-size validation before `chat.send`
- Avoid stale active-run session state when oversized prompts are rejected
- Add regression tests for oversize rejection and active-run cleanup
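The remediation list above describes a size gate that has to count the bytes concatenation would add, reject before building the oversized payload, keep a final check on the outbound string, and not leave a stale active-run marker behind when it rejects. The following is an added example of that shape, written for this page; it is not OpenClaw's code and does not reproduce `src/acp/event-mapper.ts` or `src/acp/translator.ts`. The names `PromptBlock`, `ActiveRunRegistry`, `buildPromptOrReject` and the newline separator are assumptions.

```typescript
// Added example, not OpenClaw's code: a pre-concatenation size gate for an
// ACP-style bridge that joins prompt text blocks with "\n" before forwarding.
// PromptBlock, ActiveRunRegistry and buildPromptOrReject are hypothetical names.

const MAX_PROMPT_TEXT_BYTES = 2 * 1024 * 1024; // 2 MiB limit named in the advisory
const BLOCK_SEPARATOR = "\n"; // assumed inter-block separator

interface PromptBlock {
  type: "text";
  text: string;
}

type PromptResult =
  | { ok: true; prompt: string }
  | { ok: false; error: string };

// UTF-8 byte length from UTF-16 code units, so the gate counts the bytes that
// will actually be sent; String.length under-reports multi-byte characters.
function utf8ByteLength(s: string): number {
  let bytes = 0;
  for (let i = 0; i < s.length; i++) {
    const cu = s.charCodeAt(i);
    if (cu < 0x80) bytes += 1;
    else if (cu < 0x800) bytes += 2;
    else if (cu >= 0xd800 && cu <= 0xdbff && i + 1 < s.length) {
      const next = s.charCodeAt(i + 1);
      if (next >= 0xdc00 && next <= 0xdfff) { bytes += 4; i++; } // surrogate pair
      else bytes += 3;
    } else bytes += 3;
  }
  return bytes;
}

// Size of the payload that concatenation *would* produce, without producing it.
// The separator bytes between blocks are included so the estimate matches the
// real outbound message rather than under-counting by (blocks - 1) bytes.
function measurePromptBytes(blocks: PromptBlock[]): number {
  const separatorBytes = utf8ByteLength(BLOCK_SEPARATOR);
  let total = 0;
  for (let i = 0; i < blocks.length; i++) {
    if (i > 0) total += separatorBytes;
    total += utf8ByteLength(blocks[i].text);
  }
  return total;
}

// Tracks which session has an in-flight run. A rejected prompt must not leave
// an entry behind, otherwise the session looks busy until the process restarts.
class ActiveRunRegistry {
  private readonly runs = new Map<string, string>();
  start(sessionId: string, runId: string): void { this.runs.set(sessionId, runId); }
  end(sessionId: string): void { this.runs.delete(sessionId); }
  isActive(sessionId: string): boolean { return this.runs.has(sessionId); }
}

// Final outbound check, kept even after the pre-check passed: it validates the
// exact string about to be sent, so a later change to how blocks are joined
// cannot silently bypass the limit.
function outboundSizeOk(prompt: string): boolean {
  return utf8ByteLength(prompt) <= MAX_PROMPT_TEXT_BYTES;
}

function buildPromptOrReject(
  sessionId: string,
  runId: string,
  blocks: PromptBlock[],
  registry: ActiveRunRegistry,
): PromptResult {
  registry.start(sessionId, runId); // run is registered before any work begins
  const bytes = measurePromptBytes(blocks);
  if (bytes > MAX_PROMPT_TEXT_BYTES) {
    registry.end(sessionId); // reject without leaving stale active-run state
    return { ok: false, error: `prompt text is ${bytes} bytes; limit is ${MAX_PROMPT_TEXT_BYTES}` };
  }
  const prompt = blocks.map((b) => b.text).join(BLOCK_SEPARATOR);
  if (!outboundSizeOk(prompt)) {
    registry.end(sessionId);
    return { ok: false, error: "outbound message exceeds size limit" };
  }
  // The caller forwards `prompt` (for example to chat.send) and calls
  // registry.end() when the run completes; only accepted prompts stay active.
  return { ok: true, prompt };
}
```

Two blocks of exactly 1 MiB each sum to the limit, but the one separator byte between them pushes the joined message over it; a check that only sums block lengths would accept the prompt and then build the oversized payload, which is the case the second remediation bullet addresses.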
## Fix Commit(s)
- `732e53151e8fbdfc0501182ddb0e900878bdc1e3`
- `ebcf19746f5c500a41817e03abecadea8655654a`
- `63e39d7f57ac4ad4a5e38d17e7394ae7c4dd0b9c`
Thanks @aether-ai-agent for reporting.
NVD CVSS 3.1 score: 4.0
NVD CVSS 4.0 score: 4.8
Vulnerability type
CWE-400: Uncontrolled Resource Consumption
References
- https://nvd.nist.gov/vuln/detail/CVE-2026-27576
- https://github.com/advisories/GHSA-cxpw-2g23-2vgw
- https://github.com/openclaw/openclaw/commit/63e39d7f57ac4ad4a5e38d17e7394ae7c4dd... Patch
- https://github.com/openclaw/openclaw/commit/8ae2d5110f6ceadef73822aa3db194fb60d2... Patch
- https://github.com/openclaw/openclaw/commit/ebcf19746f5c500a41817e03abecadea8655... Patch
- https://github.com/openclaw/openclaw/releases/tag/v2026.2.19 Release Notes
- https://github.com/openclaw/openclaw/security/advisories/GHSA-cxpw-2g23-2vgw Vendor Advisory
Published: 20 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026