GHSA-5ghc-98wh-gwwf

### Summary The Control UI static file handler previously validated asset paths lexically and then served files with APIs that follow symbolic links. A symlink placed under the Control UI root could cause out-of-root file reads.

### Affected Packages / Versions - Package: `openclaw` (npm) - Latest published version observed: `2026.2.21-2` - Affected versions: `<=2026.2.21-2` - Planned fixed release version: `2026.2.22`

### Technical Details The vulnerable flow was in `src/gateway/control-ui.ts`, where `path.join(...)` + string-prefix checks were followed by file reads that resolved symlinks. This allowed directory-confinement bypasses when symlinks existed inside the Control UI root.

The fix now enforces realpath containment and verifies file identity before serving Control UI assets and SPA fallback `index.html`.

### Impact - Vulnerability type: path traversal / external file exposure via symlink following. - Primary impact: confidentiality (out-of-root file read). - Severity guidance: low in supported trusted-operator deployments; can be higher in unsupported shared-writable setups.

### Fix Commit(s) - `7c500ff6236fa087ec1ec88696ca9f6881e90dc5`

### Release Process Note `patched_versions` is pre-set to the planned next release (`2026.2.22`). After npm release is available, publish the advisory.

OpenClaw thanks @tdjackey for reporting.