GHSA-659F-22XC-98F2 OpenClaw hook transform path containment missed symlink-resolved escapes
Vulnerability Webhook transform modules were validated with lexical path checks only. A symlink under the allowed hooks transform tree could resolve outside the intended directory and be dynamically imported. Affected Packages / Versions - Package: openclaw npm - Affected versions: = 2026.2.21-2 ...