OpenClaw's sandbox bind validation could bypass allowed-root and blocked-path checks via symlink-parent missing-leaf paths

Summary In openclaw up to and including 2026.2.23 latest npm release as of February 24, 2026, sandbox bind-source validation could be bypassed when a bind source used a symlinked parent plus a non-existent leaf path. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.2.24...