Vulnerability-Lookup

CVE-2026-27576 (GCVE-0-2026-27576)

Vulnerability from cvelistv5 – Published: 2026-02-21 10:00 – Updated: 2026-02-24 18:11

Title

OpenClaw: ACP prompt-size checks missing in local stdio bridge could reduce responsiveness with very large inputs

Summary

OpenClaw is a personal AI assistant. In versions 2026.2.17 and below, the ACP bridge accepts very large prompt text blocks and can assemble oversized prompt payloads before forwarding them to chat.send. Because ACP runs over local stdio, this mainly affects local ACP clients (for example IDE integrations) that send unusually large inputs. This issue has been fixed in version 2026.2.19.

Severity ?

4.8 (Medium)


                        
                          CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

CWE

CWE-400 - Uncontrolled Resource Consumption

Assigner

GitHub_M

References

URL

Tags

	https://github.com/openclaw/openclaw/security/adv…	x_refsource_CONFIRM
	https://github.com/openclaw/openclaw/commit/63e39…	x_refsource_MISC
	https://github.com/openclaw/openclaw/commit/8ae2d…	x_refsource_MISC
	https://github.com/openclaw/openclaw/commit/ebcf1…	x_refsource_MISC
	https://github.com/openclaw/openclaw/releases/tag…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	openclaw	openclaw	Affected: < 2026.2.19

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-27576",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-24T18:11:17.743556Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-24T18:11:33.124Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "openclaw",
          "vendor": "openclaw",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 2026.2.19"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "OpenClaw is a personal AI assistant. In versions 2026.2.17 and below, the ACP bridge accepts very large prompt text blocks and can assemble oversized prompt payloads before forwarding them to chat.send. Because ACP runs over local stdio, this mainly affects local ACP clients (for example IDE integrations) that send unusually large inputs. This issue has been fixed in version 2026.2.19."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "LOW",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "CWE-400: Uncontrolled Resource Consumption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-21T10:00:12.193Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/openclaw/openclaw/security/advisories/GHSA-cxpw-2g23-2vgw",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-cxpw-2g23-2vgw"
        },
        {
          "name": "https://github.com/openclaw/openclaw/commit/63e39d7f57ac4ad4a5e38d17e7394ae7c4dd0b9c",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/openclaw/openclaw/commit/63e39d7f57ac4ad4a5e38d17e7394ae7c4dd0b9c"
        },
        {
          "name": "https://github.com/openclaw/openclaw/commit/8ae2d5110f6ceadef73822aa3db194fb60d2ba68",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/openclaw/openclaw/commit/8ae2d5110f6ceadef73822aa3db194fb60d2ba68"
        },
        {
          "name": "https://github.com/openclaw/openclaw/commit/ebcf19746f5c500a41817e03abecadea8655654a",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/openclaw/openclaw/commit/ebcf19746f5c500a41817e03abecadea8655654a"
        },
        {
          "name": "https://github.com/openclaw/openclaw/releases/tag/v2026.2.19",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.2.19"
        }
      ],
      "source": {
        "advisory": "GHSA-cxpw-2g23-2vgw",
        "discovery": "UNKNOWN"
      },
      "title": "OpenClaw: ACP prompt-size checks missing in local stdio bridge could reduce responsiveness with very large inputs"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-27576",
    "datePublished": "2026-02-21T10:00:12.193Z",
    "dateReserved": "2026-02-20T17:40:28.449Z",
    "dateUpdated": "2026-02-24T18:11:33.124Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

FKIE_CVE-2026-27576

Vulnerability from fkie_nvd - Published: 2026-02-21 10:16 - Updated: 2026-02-23 20:39

Severity ?

4.0 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

References

URL	Tags
security-advisories@github.com	https://github.com/openclaw/openclaw/commit/63e39d7f57ac4ad4a5e38d17e7394ae7c4dd0b9c	Patch
security-advisories@github.com	https://github.com/openclaw/openclaw/commit/8ae2d5110f6ceadef73822aa3db194fb60d2ba68	Patch
security-advisories@github.com	https://github.com/openclaw/openclaw/commit/ebcf19746f5c500a41817e03abecadea8655654a	Patch
security-advisories@github.com	https://github.com/openclaw/openclaw/releases/tag/v2026.2.19	Release Notes
security-advisories@github.com	https://github.com/openclaw/openclaw/security/advisories/GHSA-cxpw-2g23-2vgw	Vendor Advisory

Impacted products

	Vendor	Product	Version
	openclaw	openclaw	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*",
              "matchCriteriaId": "7FCEB318-0B88-45F7-8AC7-5860166A7AC5",
              "versionEndIncluding": "2026.2.17",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "OpenClaw is a personal AI assistant. In versions 2026.2.17 and below, the ACP bridge accepts very large prompt text blocks and can assemble oversized prompt payloads before forwarding them to chat.send. Because ACP runs over local stdio, this mainly affects local ACP clients (for example IDE integrations) that send unusually large inputs. This issue has been fixed in version 2026.2.19."
    }
  ],
  "id": "CVE-2026-27576",
  "lastModified": "2026-02-23T20:39:31.980",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "LOW",
          "baseScore": 4.0,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.5,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ],
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "attackVector": "LOCAL",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 4.8,
          "baseSeverity": "MEDIUM",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "LOW",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "NONE",
          "subConfidentialityImpact": "NONE",
          "subIntegrityImpact": "NONE",
          "userInteraction": "NONE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "LOW",
          "vulnConfidentialityImpact": "NONE",
          "vulnIntegrityImpact": "NONE",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2026-02-21T10:16:13.437",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/openclaw/openclaw/commit/63e39d7f57ac4ad4a5e38d17e7394ae7c4dd0b9c"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/openclaw/openclaw/commit/8ae2d5110f6ceadef73822aa3db194fb60d2ba68"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/openclaw/openclaw/commit/ebcf19746f5c500a41817e03abecadea8655654a"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Release Notes"
      ],
      "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.2.19"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-cxpw-2g23-2vgw"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-400"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Primary"
    }
  ]
}

GHSA-CXPW-2G23-2VGW

Vulnerability from github – Published: 2026-02-20 21:52 – Updated: 2026-02-23 22:30

Summary

OpenClaw: ACP prompt-size checks missing in local stdio bridge could reduce responsiveness with very large inputs

Details

Vulnerability

The ACP bridge accepted very large prompt text blocks and could assemble oversized prompt payloads before forwarding them to chat.send.

Because ACP runs over local stdio, this mainly affects local ACP clients (for example IDE integrations) that send unusually large inputs.

Affected Packages / Versions

Package: openclaw (npm)
Affected versions: <= 2026.2.17
Patched version: 2026.2.18 (planned next release)

Impact

Local ACP sessions may become less responsive when very large prompts are submitted
Larger-than-expected model usage/cost when oversized text is forwarded
No privilege escalation and no direct remote attack path in the default ACP model

Affected Components

src/acp/event-mapper.ts
src/acp/translator.ts

Remediation

Enforce a 2 MiB prompt-text limit before concatenation
Count inter-block newline separator bytes during pre-concatenation size checks
Keep final outbound message-size validation before chat.send
Avoid stale active-run session state when oversized prompts are rejected
Add regression tests for oversize rejection and active-run cleanup

Fix Commit(s)

732e53151e8fbdfc0501182ddb0e900878bdc1e3
ebcf19746f5c500a41817e03abecadea8655654a
63e39d7f57ac4ad4a5e38d17e7394ae7c4dd0b9c

Thanks @aether-ai-agent for reporting.

Severity ?

4.8 (Medium)


                  
                    CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 2026.2.17"
      },
      "package": {
        "ecosystem": "npm",
        "name": "openclaw"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2026.2.19"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-27576"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-02-20T21:52:44Z",
    "nvd_published_at": "2026-02-21T10:16:13Z",
    "severity": "MODERATE"
  },
  "details": "## Vulnerability\n\nThe ACP bridge accepted very large prompt text blocks and could assemble oversized prompt payloads before forwarding them to `chat.send`.\n\nBecause ACP runs over local stdio, this mainly affects local ACP clients (for example IDE integrations) that send unusually large inputs.\n\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected versions: `\u003c= 2026.2.17`\n- Patched version: `2026.2.18` (planned next release)\n\n## Impact\n\n- Local ACP sessions may become less responsive when very large prompts are submitted\n- Larger-than-expected model usage/cost when oversized text is forwarded\n- No privilege escalation and no direct remote attack path in the default ACP model\n\n## Affected Components\n\n- `src/acp/event-mapper.ts`\n- `src/acp/translator.ts`\n\n## Remediation\n\n- Enforce a 2 MiB prompt-text limit before concatenation\n- Count inter-block newline separator bytes during pre-concatenation size checks\n- Keep final outbound message-size validation before `chat.send`\n- Avoid stale active-run session state when oversized prompts are rejected\n- Add regression tests for oversize rejection and active-run cleanup\n\n## Fix Commit(s)\n\n- `732e53151e8fbdfc0501182ddb0e900878bdc1e3`\n- `ebcf19746f5c500a41817e03abecadea8655654a`\n- `63e39d7f57ac4ad4a5e38d17e7394ae7c4dd0b9c`\n\nThanks @aether-ai-agent for reporting.",
  "id": "GHSA-cxpw-2g23-2vgw",
  "modified": "2026-02-23T22:30:08Z",
  "published": "2026-02-20T21:52:44Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-cxpw-2g23-2vgw"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27576"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/commit/63e39d7f57ac4ad4a5e38d17e7394ae7c4dd0b9c"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/commit/8ae2d5110f6ceadef73822aa3db194fb60d2ba68"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/commit/ebcf19746f5c500a41817e03abecadea8655654a"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/openclaw/openclaw"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.2.19"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "OpenClaw: ACP prompt-size checks missing in local stdio bridge could reduce responsiveness with very large inputs"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2026-27576 (GCVE-0-2026-27576)

FKIE_CVE-2026-27576

GHSA-CXPW-2G23-2VGW

Vulnerability

Affected Packages / Versions

Impact

Affected Components

Remediation

Fix Commit(s)

Tags

Sightings

Nomenclature