CVE-2026-32054

OpenClaw versions prior to 2026.2.25 are affected by a symlink traversal in browser trace and download output path handling. A local attacker can create symlinks to route writes outside the intended temp directory, enabling arbitrary file overwrite. Remediate by upgrading to 2026.2.25 or later.