PT-2026-21345 · Openclaw · Openclaw

Steipete · Published 2026-02-20 · Updated 2026-02-24 · CVE-2026-27576

CVSS v4.0: 4.8 (Medium)

Vector: AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions: OpenClaw versions 2026.2.17 and below

Description: OpenClaw is a personal AI assistant. Its ACP bridge component accepts excessively large prompt text blocks and constructs oversized prompt payloads before sending them to the chat.send function. Accepting these oversized payloads results in uncontrolled resource consumption. The issue primarily impacts local ACP clients, such as IDE integrations, when they process unusually large inputs.

Recommendations: Update to version 2026.2.19 or later.

Exploit

Fix

Weakness Enumeration: Resource Exhaustion

Related Identifiers: CVE-2026-27576, GHSA-CXPW-2G23-2VGW

Affected Products: Openclaw