CVE-2026-32007 OpenClaw < 2026.2.23 - Sandbox Bypass in apply_patch Tool via Workspace-Only Check Bypass

OpenClaw versions prior to 2026.2.23 contain a path traversal vulnerability in the experimental applypatch tool that allows attackers with sandbox access to modify files outside the workspace directory by exploiting inconsistent enforcement of workspace-only checks on mounted paths. Attackers can...