A vulnerability, which was classified as critical , was found in OpenClaw up to 2026.4.7 . This affects the function upload_file . The manipulation results in path traversal. This vulnerability is cataloged as CVE-2026-41911 . The attack may be launched remotely. There is no exploit available. You should upgrade the affected component.