CVE-2026-27576
OpenClaw: ACP prompt-size checks missing in local stdio bridge could reduce responsiveness with very large inputs
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
OpenClaw is a personal AI assistant. In versions 2026.2.17 and below, the ACP bridge accepts very large prompt text blocks and can assemble oversized prompt payloads before forwarding them to chat.send. Because ACP runs over local stdio, this mainly affects local ACP clients (for example IDE integrations) that send unusually large inputs. This issue has been fixed in version 2026.2.19.
| CWE | CWE-400 |
| Vendor | openclaw |
| Product | openclaw |
| Published | Feb 21, 2026 |
| Last Updated | Feb 24, 2026 |
Stay Ahead of the Next One
Get instant alerts for openclaw openclaw
Be the first to know when new unknown vulnerabilities affecting openclaw openclaw are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
openclaw / openclaw
< 2026.2.19
References
github.com: https://github.com/openclaw/openclaw/security/advisories/GHSA-cxpw-2g23-2vgw github.com: https://github.com/openclaw/openclaw/commit/63e39d7f57ac4ad4a5e38d17e7394ae7c4dd0b9c github.com: https://github.com/openclaw/openclaw/commit/8ae2d5110f6ceadef73822aa3db194fb60d2ba68 github.com: https://github.com/openclaw/openclaw/commit/ebcf19746f5c500a41817e03abecadea8655654a github.com: https://github.com/openclaw/openclaw/releases/tag/v2026.2.19