4 matches found

GitHub Security Blog
added 2026/04/17 9:58 p.m. | 6 views

OpenClaw: screen_record outPath bypassed workspace-only filesystem guard

Summary: screen_record outPath bypassed workspace-only filesystem guard. Affected Packages / Versions: Package: openclaw; Ecosystem: npm; Affected versions: = 2026.4.10. Impact: The node-host screen recording tool could honor an outPath outside the workspace guard, allowing an authorized tool call...

CVSS 7.1 | AI score 5.7 | EPSS 0.00034
Exploits: 0 | References: 4 | Affected Software: 1

OSV
added 2026/04/17 9:58 p.m. | 3 views

GHSA-JF25-7968-H2H5 OpenClaw: screen_record outPath bypassed workspace-only filesystem guard

Summary: screen_record outPath bypassed workspace-only filesystem guard. Affected Packages / Versions: Package: openclaw; Ecosystem: npm; Affected versions: = 2026.4.10. Impact: The node-host screen recording tool could honor an outPath outside the workspace guard, allowing an authorized tool call...

CVSS 5.3 | AI score 5.7 | EPSS 0.00034
Exploits: 0 | References: 4

Positive Technologies
added 2026/04/17 12:0 a.m. | 4 views

PT-2026-37022

Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.4.10. Description: A path traversal issue exists in the screen record tool where the outPath parameter bypasses workspace-only filesystem guards. This allows an authorized tool call to write files to unintended...

CVSS 7.1 | AI score 5.8 | EPSS 0.00034
Exploits: 0 | References: 7

OSV
added 2026/03/03 10:11 p.m. | 3 views

GHSA-27CR-4P5M-74RJ OpenClaw has a workspace-only sandbox guard mismatch for @-prefixed absolute paths

A workspace-only file-system guard mismatch allowed @-prefixed absolute paths to bypass boundary validation in some tool path checks. Impact: When tools.fs.workspaceOnly=true, certain @-prefixed absolute paths (for example @/etc/passwd) could be validated before canonicalization while runtime path...

CVSS 7.5 | AI score 6 | EPSS 0.00071
Exploits: 0 | References: 5