ZDI-26-227
Severity: MEDIUM 6.5
Published: Mar 30, 2026
OpenClaw Canvas Path Traversal Information Disclosure Vulnerability
OpenClaw
OpenClaw contains a medium-severity information disclosure vulnerability (CVE-2026-3689, CVSS 6.5) that allows authenticated remote attackers to access sensitive data on affected systems. The vulnerability requires valid authentication credentials to exploit, limiting the attack surface to users with account access. Security teams should prioritize patching OpenClaw installations and review access controls for user accounts, particularly for privileged or sensitive roles.