OpenClaw: Self-Whitelisting in appendLocalMediaParentRoots Allows Arbitrary File Read & Credential Exfiltration

Summary Media Local Roots Self-Whitelisting in appendLocalMediaParentRoots Allows Model-Initiated Arbitrary Host File Read and Credential Exfiltration Current Maintainer Triage - Status: narrow - Normalized severity: medium - Assessment: v2026.3.28 still self-whitelists media parent dirs in...