GHSA-cxpw-2g23-2vgw

Source
https://github.com/advisories/GHSA-cxpw-2g23-2vgw
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/02/GHSA-cxpw-2g23-2vgw/GHSA-cxpw-2g23-2vgw.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-cxpw-2g23-2vgw
Aliases
Downstream
Published
2026-02-20T21:52:44Z
Modified
2026-02-20T23:35:28.621502Z
Severity
  • 4.8 (Medium) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
Summary
OpenClaw: ACP prompt-size checks missing in local stdio bridge could reduce responsiveness with very large inputs
Details

Vulnerability

The ACP bridge accepted very large prompt text blocks and could assemble oversized prompt payloads before forwarding them to chat.send.

Because ACP runs over local stdio, this mainly affects local ACP clients (for example IDE integrations) that send unusually large inputs.

Affected Packages / Versions

  • Package: openclaw (npm)
  • Affected versions: <= 2026.2.17
  • Patched version: 2026.2.18 (planned next release)

Impact

  • Local ACP sessions may become less responsive when very large prompts are submitted
  • Larger-than-expected model usage/cost when oversized text is forwarded
  • No privilege escalation and no direct remote attack path in the default ACP model

Affected Components

  • src/acp/event-mapper.ts
  • src/acp/translator.ts

Remediation

  • Enforce a 2 MiB prompt-text limit before concatenation
  • Count inter-block newline separator bytes during pre-concatenation size checks
  • Keep final outbound message-size validation before chat.send
  • Avoid stale active-run session state when oversized prompts are rejected
  • Add regression tests for oversize rejection and active-run cleanup

Fix Commit(s)

  • 732e53151e8fbdfc0501182ddb0e900878bdc1e3
  • ebcf19746f5c500a41817e03abecadea8655654a
  • 63e39d7f57ac4ad4a5e38d17e7394ae7c4dd0b9c

Thanks @aether-ai-agent for reporting.

Database specific
{
    "severity": "MODERATE",
    "cwe_ids": [
        "CWE-400"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-02-20T21:52:44Z",
    "nvd_published_at": null
}
References

Affected packages

npm / openclaw

Package

Affected ranges

Type
SEMVER
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
2026.2.19

Database specific

source
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/02/GHSA-cxpw-2g23-2vgw/GHSA-cxpw-2g23-2vgw.json"
last_known_affected_version_range
"<= 2026.2.17"