Impact Analysis

This vulnerability can impact you by causing reduced responsiveness or denial-of-service in local ACP sessions when very large prompts are submitted. It may also lead to unexpectedly high model usage and associated costs due to forwarding oversized text payloads.

There is no privilege escalation or direct remote attack vector in the default ACP model, so the impact is limited to local clients that send large inputs.

The vulnerability can cause excessive memory allocation and resource exhaustion, potentially disrupting normal operation of the OpenClaw assistant in affected versions.

Useful 0 Not Useful 0

Compliance Impact

I don't know

Useful 0 Not Useful 0

Executive Summary

[{'type': 'paragraph', 'content': "CVE-2026-27576 is a vulnerability in the OpenClaw AI assistant's ACP (Asynchronous Chat Protocol) bridge, specifically in versions 2026.2.17 and below. The ACP bridge accepts very large prompt text blocks without proper size validation, allowing the assembly of oversized prompt payloads before forwarding them to the chat.send function."}, {'type': 'paragraph', 'content': 'Since ACP operates over local stdio, this mainly affects local ACP clients such as IDE integrations that send unusually large inputs. The vulnerability arises from improper input validation and uncontrolled resource consumption, which can lead to denial-of-service (DoS) or memory exhaustion conditions.'}, {'type': 'paragraph', 'content': 'The issue was fixed by enforcing a strict 2 MiB limit on prompt text size before concatenation, accurately counting newline separator bytes, rejecting oversized prompts early, and cleaning up session states to avoid stale or inconsistent states.'}] [1]

Useful 0 Not Useful 0

Detection Guidance

This vulnerability primarily affects local ACP clients, such as IDE integrations, that send unusually large prompt text blocks over the local stdio bridge. Detection involves monitoring for unusually large prompt payloads being sent to the ACP bridge.

Since the vulnerability is related to oversized prompt payloads causing resource exhaustion or denial-of-service locally, detection can focus on identifying large prompt inputs exceeding 2 MiB before being forwarded to chat.send.

Specific commands are not provided in the available resources, but general approaches include:

• Monitoring local ACP client logs or IDE integration logs for prompt sizes exceeding 2 MiB.
• Using system monitoring tools to detect high memory or CPU usage spikes related to OpenClaw processes during prompt handling.
• Instrumenting or adding debug logging in the OpenClaw source code (e.g., in src/acp/event-mapper.ts and src/acp/translator.ts) to log prompt sizes before processing.

No explicit command-line commands or network detection signatures are provided in the resources.

Useful 0 Not Useful 0

Mitigation Strategies

The primary mitigation is to upgrade OpenClaw to version 2026.2.19 or later, where the vulnerability has been fixed.

The fix enforces a strict 2 MiB limit on prompt text size before concatenation and final message assembly, preventing oversized prompts from causing resource exhaustion or denial-of-service.

• Upgrade OpenClaw to version 2026.2.19 or newer.
• Ensure that local ACP clients (such as IDE integrations) do not send prompt payloads exceeding 2 MiB.
• Apply any patches or commits related to CVE-2026-27576, including those that add prompt size validation and session state cleanup.

Additionally, monitor and limit prompt sizes in your environment to avoid triggering the vulnerability until the upgrade is applied.

Useful 0 Not Useful 0