OpenClaw Oversized Prompt Handling Vulnerability in ACP Bridge
Vulnerability
A vulnerability exists in OpenClaw's ACP bridge in versions through 2026.2.17. The bridge accepts very large prompt text blocks and assembles them into an oversized payload before sending it via 'chat.send', which can lead to memory exhaustion. This problem primarily affects local ACP clients, such as IDE integrations, that transmit unusually large inputs. The vulnerability has been addressed in version 2026.2.19.
Impact
The vulnerability can cause local ACP sessions to become unresponsive when very large prompts are submitted. It can also lead to unexpected model usage and costs, as oversized text is forwarded to the model. However, there is no privilege escalation or direct remote attack path in the default ACP model.
Reproduction
The vulnerability can be reproduced by sending a prompt larger than 2 MiB from a local ACP client, such as an integrated development environment (IDE) that uses the ACP bridge. The prompt size can be verified by checking the model's response time or by monitoring the 'chat.send' payload for oversized text blocks.
Remediation
Users can update to OpenClaw version 2026.2.19 or later, which enforces a 2 MiB limit on prompt text before concatenation, accounts for newline separator bytes in size checks, and includes regression tests for the prompt size handling.
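A sketch of the size check described above, as an added example that is not OpenClaw's own code: it counts UTF-8 bytes for each text block plus one separator byte between blocks, and rejects the prompt before anything is joined. The block shape (`type`/`text`) and the names `joinPromptBlocks` and `PromptTooLargeError` are assumptions made for illustration.

```javascript
// Added illustration, not OpenClaw source. All names here are hypothetical.
const MAX_PROMPT_BYTES = 2 * 1024 * 1024; // 2 MiB limit named in the advisory
const SEPARATOR = "\n";
const SEPARATOR_BYTES = Buffer.byteLength(SEPARATOR, "utf8");

class PromptTooLargeError extends RangeError {
  constructor(attemptedBytes, maxBytes) {
    super(`prompt is at least ${attemptedBytes} bytes, limit is ${maxBytes}`);
    this.name = "PromptTooLargeError";
    this.attemptedBytes = attemptedBytes;
    this.maxBytes = maxBytes;
  }
}

// Joins the text blocks of a prompt, enforcing the byte limit before the
// concatenated string is ever allocated.
function joinPromptBlocks(blocks, maxBytes = MAX_PROMPT_BYTES) {
  let total = 0;
  const parts = [];
  for (const block of blocks) {
    // Assumed block shape: { type: "text", text: "..." }; other kinds are skipped.
    if (!block || block.type !== "text" || typeof block.text !== "string") continue;
    // Every block after the first costs one separator in the joined payload.
    const sepBytes = parts.length > 0 ? SEPARATOR_BYTES : 0;
    // Measure encoded bytes, not String.length: non-ASCII text is larger on the wire.
    const blockBytes = Buffer.byteLength(block.text, "utf8");
    const next = total + sepBytes + blockBytes;
    if (next > maxBytes) {
      // Fail while only the caller's original blocks are in memory.
      throw new PromptTooLargeError(next, maxBytes);
    }
    total = next;
    parts.push(block.text);
  }
  return parts.join(SEPARATOR);
}
```

Two 1 MiB blocks are rejected here even though their text alone totals exactly 2 MiB, because the joining newline pushes the payload one byte over the limit.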
