Input validation error in OpenClaw - CVE-2026-27576

 

Published: May 4, 2026


Vulnerability identifier: #VU129412
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-27576
CWE-ID: CWE-20
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: OpenClaw
Affected software: OpenClaw

Detailed vulnerability description

The vulnerability allows a local user to cause reduced responsiveness and increased resource consumption.

The vulnerability exists due to improper input validation in the local stdio ACP bridge when processing very large prompt text blocks. A local user can submit unusually large inputs to cause reduced responsiveness and increased resource consumption.

Because ACP runs over local stdio, the issue mainly affects local ACP clients such as IDE integrations.
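One way a stdio bridge can bound this kind of input before it is parsed, as an added example that is not OpenClaw's code or the vendor's fix. It assumes newline-delimited frames on stdin and prompt content blocks shaped like `{ type: 'text', text: '...' }`; the class name, function name and both limits are hypothetical.

```javascript
// Added example; limits, names and message shape are assumptions, not OpenClaw's code.
const MAX_FRAME_BYTES = 4 * 1024 * 1024;  // assumed cap for one stdio line
const MAX_PROMPT_BYTES = 2 * 1024 * 1024; // assumed cap for all text blocks in one prompt

// Splits a byte stream into newline-delimited frames and refuses to buffer
// more than maxBytes for a single unfinished line.
class BoundedLineReader {
  constructor(maxBytes = MAX_FRAME_BYTES) {
    this.maxBytes = maxBytes;
    this.parts = [];
    this.size = 0;
    this.skipping = false; // true while discarding the rest of an oversized line
  }
  // Returns one { line } or { error } entry per frame this chunk completes or rejects.
  push(chunk) {
    const out = [];
    let start = 0;
    while (start < chunk.length) {
      const nl = chunk.indexOf(0x0a, start);
      const piece = chunk.subarray(start, nl === -1 ? chunk.length : nl);
      if (!this.skipping && this.size + piece.length > this.maxBytes) {
        this.skipping = true; // stop accumulating and free what was buffered
        this.parts = [];
        out.push({ error: 'frame_too_large' });
      }
      if (!this.skipping) { this.parts.push(piece); this.size += piece.length; }
      if (nl === -1) break;
      if (!this.skipping) out.push({ line: Buffer.concat(this.parts).toString('utf8') });
      this.parts = []; this.size = 0; this.skipping = false;
      start = nl + 1;
    }
    return out;
  }
}

// Sums the UTF-8 size of all text blocks in one prompt and stops at the cap.
function checkPromptSize(blocks, maxBytes = MAX_PROMPT_BYTES) {
  let total = 0;
  for (const b of blocks) {
    if (b && b.type === 'text' && typeof b.text === 'string') {
      total += Buffer.byteLength(b.text, 'utf8');
      if (total > maxBytes) return { ok: false, total };
    }
  }
  return { ok: true, total };
}
```

The reader rejects an oversized line as soon as the cap is crossed rather than after the newline arrives, so memory use stays bounded even if the sender never terminates the frame.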


How to mitigate CVE-2026-27576

Install the security update from the vendor's website.

Sources