CVE-2026-32009 — OpenClaw versions prior to 2026.2.24 contain a policy bypass vulnerability in the safeBins allowlist evaluation that trusts static default directories including writable package-manager paths like /op — CVE Database · The Intelligence Room