Description
Vulnerability
The ACP bridge accepted very large prompt text blocks and could assemble oversized prompt payloads before forwarding them to chat.send.Because ACP runs over local stdio, this mainly affects local ACP clients (for example IDE integrations) that send unusually large inputs.
Affected Packages / Versions
- Package: openclaw (npm)
- Affected versions: <= 2026.2.17
- Patched version: 2026.2.18 (planned next release)
Impact
- Local ACP sessions may become less responsive when very large prompts are submitted
- Larger-than-expected model usage/cost when oversized text is forwarded
- No privilege escalation and no direct remote attack path in the default ACP model
Affected Components
- src/acp/event-mapper.ts
- src/acp/translator.ts
Remediation
- Enforce a 2 MiB prompt-text limit before concatenation
- Count inter-block newline separator bytes during pre-concatenation size checks
- Keep final outbound message-size validation before chat.send
- Avoid stale active-run session state when oversized prompts are rejected
- Add regression tests for oversize rejection and active-run cleanup
Fix Commit(s)
- 732e53151e8fbdfc0501182ddb0e900878bdc1e3
- ebcf19746f5c500a41817e03abecadea8655654a
- 63e39d7f57ac4ad4a5e38d17e7394ae7c4dd0b9c
