Tag
A symlink following vulnerability, identified as CVE-2026-62189, in OpenClaw versions prior to 2026.6.9's mirror sync feature allows attackers with low privileges to bypass authorization boundaries by exploiting remote symlink parents, enabling unauthorized actions requiring stronger permissions.