CVE-2026-28462 — OpenClaw versions prior to 2026.2.13 contain a vulnerability in the browser control API in which it accepts user-supplied output paths for trace and download files without consistently constraining wr — CVE Database · The Intelligence Room