Openclaw · Openclaw · CVE-2026-41363
**Name of the Vulnerable Software and Affected Versions**
OpenClaw versions 2026.2.6 through 2026.3.24
**Description**
A path traversal issue exists in the `resolveUploadInput()` function of the Feishu extension. Improper path resolution during `upload image` operations lets attackers bypass file-system sandbox restrictions and read arbitrary files outside the configured `localRoots` boundaries. Path traversal is a technique in which an attacker uses special characters to access files and directories stored outside the intended folder.
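The kind of containment check that an allow-list of roots needs, as an added example that is not OpenClaw's code and does not reproduce the flawed function, which this page does not show. The function names and the temporary directory layout are constructed for illustration; `localRoots` is used only as the name of the allow-list from the description.

```javascript
// Added illustration, not OpenClaw code; all function names are hypothetical.
const fs = require('node:fs');
const os = require('node:os');
const path = require('node:path');

// Weak: string prefix on the raw input. Misses "..", sibling directories
// that share the prefix, and symlinks that point outside the root.
function naiveIsAllowed(input, localRoots) {
  return localRoots.some((root) => input.startsWith(root));
}

// Hardened: canonicalize both sides, compare by segments; returns the real path or null.
function resolveWithinRoots(input, localRoots) {
  let real;
  try {
    real = fs.realpathSync(path.resolve(input)); // collapses ".." and follows symlinks
  } catch {
    return null; // missing or unreadable paths are rejected, not guessed at
  }
  for (const root of localRoots) {
    const rel = path.relative(fs.realpathSync(root), real);
    const escapes = rel === '..' || rel.startsWith('..' + path.sep) || path.isAbsolute(rel);
    if (rel !== '' && !escapes) return real;
  }
  return null;
}

// Constructed layout: one allowed root, a sibling with the same prefix,
// a file outside the root, and a symlink inside the root that leads out.
function buildDemo() {
  const base = fs.mkdtempSync(path.join(os.tmpdir(), 'roots-demo-'));
  const root = path.join(base, 'media');
  const sibling = path.join(base, 'media-private');
  for (const dir of [root, sibling]) fs.mkdirSync(dir);
  fs.writeFileSync(path.join(root, 'ok.png'), 'img');
  fs.writeFileSync(path.join(sibling, 'secret.txt'), 'x');
  fs.writeFileSync(path.join(base, 'outside.txt'), 'x');
  fs.symlinkSync(path.join(base, 'outside.txt'), path.join(root, 'link.png'));
  return { root, inputs: {
    inside: path.join(root, 'ok.png'),
    dotdot: root + path.sep + '..' + path.sep + 'outside.txt',
    sibling: path.join(sibling, 'secret.txt'),
    symlink: path.join(root, 'link.png'),
  } };
}

const demo = buildDemo();
for (const [name, p] of Object.entries(demo.inputs))
  console.log(name, naiveIsAllowed(p, [demo.root]), resolveWithinRoots(p, [demo.root]) !== null);
```

Read from the returned canonical path rather than the original input, so that the check and the open refer to the same resolved location.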
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.