AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

GHSA-cxpw-2g23-2vgw: OpenClaw: ACP prompt-size checks missing in local stdio bridge could reduce responsiveness with very large inputs

mediumvulnerabilityLLM-Specific

security

Source: GitHub Advisory DatabaseFebruary 20, 2026CVE-2026-27576

Summary

OpenClaw's ACP bridge (a local communication protocol for IDE integrations) didn't check prompt size limits before processing, causing the system to accept and forward extremely large text blocks that could slow down local sessions and increase API costs. The vulnerability only affects local clients sending unusually large inputs, with no remote attack risk.

Solution / Mitigation

The patched version 2026.2.18 enforces a 2 MiB (2 megabyte) prompt-text limit before combining text blocks, counts newline separator bytes during size checks, maintains final message-size validation before sending to the chat service, prevents stale session state when oversized prompts are rejected, and adds regression tests for oversize rejection and cleanup.

Vulnerability Details

EPSS (30-day exploit probability)

EPSS: 0.0%

Classification

Attack Type

DoS

Attack SophisticationTrivial

Impact (CIA+S)

availability

AI Component TargetedAPI

Affected Vendors

Affected Packages

openclaw@<= 2026.2.17 (fixed: 2026.2.19)

Related Issues

medium

CVE-2022-29200: TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implem

Similar attackNVD/CVE Database

low

CVE-2021-29541: TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a dereference of a null p

First tracked: February 20, 2026 at 07:00 PM

Classified by LLM (prompt v3) · confidence: 85%