2 matches found
CVE-2026-26972
OpenClaw has a path traversal vulnerability in the browser download helpers. In versions 2026.1.12 through 2026.2.12, the browser download assistant accepted unsanitized output paths, enabling writes outside the intended temp downloads directory when invoked via browser control gateway routes. Ex...
PT-2026-20962
OpenClaw is a personal AI assistant. In versions 2026.1.12 through 2026.2.12, OpenClaw browser download helpers accepted an unsanitized output path. When invoked via the browser control gateway routes, this allowed path traversal to write downloads outside the intended OpenClaw temp downloads...