CVE-2026-27576

4.0 MEDIUM

📋 TL;DR

OpenClaw's ACP bridge accepts excessively large prompt text blocks, allowing local ACP clients to send oversized payloads that could cause resource exhaustion or denial of service. This primarily affects local integrations like IDE plugins that send unusually large inputs. The vulnerability is limited to local stdio communication between ACP clients and the chat.send function.

💻 Affected Systems

Products:
  • OpenClaw
Versions: 2026.2.17 and below
Operating Systems: All platforms running OpenClaw
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems using ACP bridge with local clients that send large prompt inputs.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Resource exhaustion leading to denial of service, potentially crashing the OpenClaw process or causing system instability through memory/CPU exhaustion.

🟠

Likely Case

Local denial of service affecting OpenClaw functionality when IDE integrations or other ACP clients send malformed large inputs.

🟢

If Mitigated

Minimal impact with proper input validation and size limits in place.

🌐 Internet-Facing: LOW - The vulnerability affects local stdio communication, not network-facing interfaces.
🏢 Internal Only: MEDIUM - Local ACP clients can trigger the issue, but requires specific conditions and large input generation.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW - Simply sending large text blocks to the ACP bridge.

Exploitation requires local access to send inputs via ACP bridge, typically through IDE integrations or custom ACP clients.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2026.2.19

Vendor Advisory: https://github.com/openclaw/openclaw/security/advisories/GHSA-cxpw-2g23-2vgw

Restart Required: Yes

Instructions:

1. Download OpenClaw v2026.2.19 from official releases.
2. Stop OpenClaw service.
3. Replace existing installation with patched version.
4. Restart OpenClaw service.

🔧 Temporary Workarounds

Input Size Limitation

Platforms: all

Configure ACP clients to limit prompt text size before sending to OpenClaw.

# Configure your IDE plugin or ACP client to limit input size

Disable ACP Bridge

Platforms: all

Temporarily disable ACP bridge functionality if not required.

# Set environment variable: OPENCLAW_ACP_DISABLE=1
# Or modify config to disable ACP bridge

🧯 If You Can't Patch

  • Monitor system resources for unusual memory/CPU usage by OpenClaw processes.
  • Implement rate limiting or input validation in ACP client applications.

🔍 How to Verify

Check if Vulnerable:

Check the OpenClaw version: if it is 2026.2.17 or earlier, the system is vulnerable.

Check Version:

openclaw --version

Verify Fix Applied:

Verify OpenClaw version is 2026.2.19 or later after patching.

📡 Detection & Monitoring

Log Indicators:

  • Large input size warnings in OpenClaw logs
  • Resource exhaustion errors
  • ACP bridge processing errors

Network Indicators:

  • N/A - Local stdio communication only

SIEM Query:

source="openclaw.log" AND ("large input" OR "resource" OR "memory" OR "ACP")
