Skip to main content

Nanobot CVE-2026-49140

| EUVDEUVD-2026-33760 MEDIUM
Allocation of Resources Without Limits or Throttling (CWE-770)
2026-06-01 VulnCheck GHSA-4rm2-fq3x-g7x7
5.3
CVSS 4.0 · Vendor: VulnCheck
Share

Severity by source

Vendor (VulnCheck) PRIMARY
5.3 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from Vendor (VulnCheck) · only source for this CVE.

CVSS VectorVendor: VulnCheck

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

3
CVSS changed
Jun 01, 2026 - 21:22 NVD
4.3 (MEDIUM) 5.3 (MEDIUM)
Source Code Evidence Fetched
Jun 01, 2026 - 20:50 vuln.today
Analysis Generated
Jun 01, 2026 - 20:50 vuln.today

DescriptionCVE.org

Nanobot prior to version 0.2.1 contains a denial of service vulnerability in the Matrix channel media download handler that allows authenticated room members to exhaust process memory and bandwidth by sending media events with missing or invalid size metadata. Attackers can send multiple concurrent Matrix media events with omitted or invalid declared sizes to trigger simultaneous large media downloads that fully materialize response bodies before post-download rejection, consuming process resources until service degradation occurs.

AnalysisAI

Nanobot's Matrix channel media download handler exhausts process memory and bandwidth when authenticated room members submit media events carrying missing or invalid declared size metadata. All versions of Nanobot prior to 0.2.1 are affected (CPE: cpe:2.3:a:hkuds:nanobot:*:*:*:*:*:*:*:*). An authenticated Matrix room member can send multiple concurrent malformed media events, causing the handler to fully materialize response bodies before performing post-download size validation, consuming process resources until service availability degrades. No public exploit code or CISA KEV listing exists at time of analysis; a vendor-released patch is available in v0.2.1.

Technical ContextAI

Nanobot is an AI agent framework by HKUDS that supports Matrix as an integration channel. The vulnerable component is the Matrix channel media download handler, which fetches media attachments triggered by Matrix media events. The root cause maps to CWE-770 (Allocation of Resources Without Limits or Throttling): the handler does not enforce a size limit or perform pre-download validation when event metadata omits or falsifies declared media size, causing it to eagerly buffer entire response bodies into process memory before the rejection logic runs. The Matrix protocol allows room members to reference arbitrary media URIs; without a pre-flight size check, each concurrent download becomes an unbounded allocation. The fix was delivered in commit 1d4000560dfff1acb83f5c5ca8ef3ab1f092bd14 and formally released as v0.2.1.

RemediationAI

Vendor-released patch: v0.2.1. Upgrade Nanobot to version 0.2.1 or later, available at https://github.com/HKUDS/nanobot/releases/tag/v0.2.1; the specific fix is captured in commit 1d4000560dfff1acb83f5c5ca8ef3ab1f092bd14 (https://github.com/HKUDS/nanobot/commit/1d4000560dfff1acb83f5c5ca8ef3ab1f092bd14) and tracked in pull request #4106. For environments where an immediate upgrade is not possible, a targeted compensating control is to disable or unconfigure the Matrix channel integration entirely, eliminating the attack surface at the cost of losing Matrix messaging functionality. Alternatively, restricting Matrix room membership to fully trusted internal accounts limits the pool of potential attackers, though this does not eliminate the vulnerability - any authenticated member retains the ability to exploit it. Rate-limiting or proxying outbound Matrix media fetch requests through an external service with enforced download size caps (e.g., a reverse proxy with max-body-size controls) may reduce the severity of resource exhaustion but introduces operational complexity and is not a substitute for patching.

Share

CVE-2026-49140 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy