GHSA-CV7M-C9JX-VG7Q OpenClaw has a path traversal in browser upload allows local file read
Summary Authenticated attackers can read arbitrary files from the Gateway host by supplying absolute paths or path traversal sequences to the browser tool's upload action. The server passed these paths to Playwright's setInputFiles APIs without restricting them to a safe root. Severity remains Hi...