7.0
OpenClaw Sandbox Bypass via Symlink and Missing Path
GHSA-m8v2-6wwh-r4gc
Summary
OpenClaw's sandbox feature in versions up to and including 2026.2.23 can be bypassed when a bind source path passes through a symlinked parent directory and ends in a leaf that does not exist yet, so that the path resolves to a directory outside the allowed sandbox area. This could let an attacker access restricted areas of the system. Affected users should update to version 2026.2.24 or later to fix this issue.
What to do
- Update openclaw to version 2026.2.24.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| – | openclaw | <= 2026.2.23 | 2026.2.24 |
Original title
OpenClaw's sandbox bind validation could bypass allowed-root and blocked-path checks via symlink-parent missing-leaf paths
Original description
### Summary
In `openclaw` up to and including **2026.2.23** (latest npm release as of **February 24, 2026**), sandbox bind-source validation could be bypassed when a bind source used a symlinked parent plus a non-existent leaf path.
### Affected Packages / Versions
- Package: `openclaw` (npm)
- Affected: `<= 2026.2.23`
- Patched: `>= 2026.2.24` (planned next release)
### Root Cause
`validateBindMounts` previously relied on full-path realpath only when the full source path already existed. For missing-leaf paths, parent symlink traversal was not fully canonicalized before allowed-root and blocked-path checks.
### Security Impact
A source path that looked inside an allowed root could resolve outside that root (including blocked runtime paths) once the missing leaf was created, weakening sandbox bind-source boundary enforcement.
### Fix
The validation path now canonicalizes through the nearest existing ancestor, then always re-checks the canonical path against both:
- allowed source roots
- blocked runtime paths
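
The fix strategy described above, as an added Node.js example (not OpenClaw's own code, and not taken from the fix commit). The names `canonicalize` and `validateBindSource`, the temporary directory layout, and the rejection of dangling symlinks are assumptions of this example.

```javascript
const fs = require("node:fs");
const os = require("node:os");
const path = require("node:path");

// Resolve symlinks in the nearest existing ancestor, then re-append the missing tail.
function canonicalize(p) {
  let current = path.resolve(p);
  const missing = [];
  for (;;) {
    try {
      return path.join(fs.realpathSync(current), ...missing);
    } catch (err) {
      if (err.code !== "ENOENT") throw err;
      const st = fs.lstatSync(current, { throwIfNoEntry: false });
      if (st?.isSymbolicLink()) throw new Error(`dangling symlink: ${current}`); // example's choice
      if (path.dirname(current) === current) throw err; // no existing ancestor
      missing.unshift(path.basename(current));
      current = path.dirname(current);
    }
  }
}

function isInside(root, target) {
  const rel = path.relative(root, target);
  return rel !== ".." && !rel.startsWith(".." + path.sep) && !path.isAbsolute(rel);
}

// Hypothetical validator: both checks run on the canonical path only.
function validateBindSource(source, allowedRoots, blockedPaths) {
  const canonical = canonicalize(source);
  const within = (list) => list.map(canonicalize).some((r) => isInside(r, canonical));
  if (!within(allowedRoots)) return { ok: false, canonical, reason: "outside allowed roots" };
  if (within(blockedPaths)) return { ok: false, canonical, reason: "blocked path" };
  return { ok: true, canonical };
}

// Constructed layout: <tmp>/workspace/link -> <tmp>/runtime; the leaf does not exist.
function demo() {
  const base = fs.realpathSync(fs.mkdtempSync(path.join(os.tmpdir(), "bind-demo-")));
  const [ws, rt] = [path.join(base, "workspace"), path.join(base, "runtime")];
  for (const dir of [ws, rt]) fs.mkdirSync(dir);
  fs.symlinkSync(rt, path.join(ws, "link"), "dir");
  const leaf = path.join(ws, "link", "new-dir");
  const escaped = validateBindSource(leaf, [ws], [rt]);
  const blocked = validateBindSource(leaf, [base], [rt]);
  const plain = validateBindSource(path.join(ws, "cache", "new-dir"), [ws], [rt]);
  fs.rmSync(base, { recursive: true, force: true });
  return { lexical: isInside(ws, leaf), escaped, blocked, plain };
}
```

In `demo()`, `lexical` is the string-only containment test: it accepts the symlinked path, while both canonical checks reject it.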
### Verification
- `pnpm check`
- `pnpm exec vitest run --config vitest.gateway.config.ts`
- `pnpm test:fast`
- Added regression tests for symlink-parent + missing-leaf bypass patterns.
### Fix Commit(s)
- `b5787e4abba0dcc6baf09051099f6773c1679ec1`
### Release Process Note
`patched_versions` is pre-set to the planned next release (`2026.2.24`) so after npm publish the advisory can be published without further field edits.
OpenClaw thanks @tdjackey for reporting.
### Publication Update (2026-02-25)
`openclaw@2026.2.24` is published on npm and contains the fix commit(s) listed above. This advisory now marks `>= 2026.2.24` as patched.
ghsa CVSS4.0
7.0
Vulnerability type
CWE-22
Path Traversal
CWE-59
Link Following
Published: 3 Mar 2026 · Updated: 7 Mar 2026 · First seen: 6 Mar 2026