Skip to main content

NanoClaw CVE-2026-56402

| EUVDEUVD-2026-38463 HIGH
Missing Authorization (CWE-862)
2026-06-23 VulnCheck GHSA-mhq9-hcw8-22mj
7.1
CVSS 4.0 · Vendor: VulnCheck
Share

Severity by source

Vendor (VulnCheck) PRIMARY
7.1 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
6.5 MEDIUM

Network-reachable callback (AV:N), low attacker effort once a questionId is known (AC:L), requires ability to send a callback payload to the bot (PR:L), no user interaction, integrity-only impact via unauthorized approval dispatch.

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (VulnCheck).

CVSS VectorVendor: VulnCheck

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

2
Source Code Evidence Fetched
Jun 23, 2026 - 16:00 vuln.today
Analysis Generated
Jun 23, 2026 - 16:00 vuln.today

DescriptionCVE.org

NanoClaw before 2.1.17 contains a privilege escalation vulnerability in the handleApprovalsResponse function that fails to verify responder role authorization. Attackers with a valid questionId can approve or reject privileged actions like package installation by submitting approval response payloads without proper role validation.

AnalysisAI

Privilege escalation in NanoClaw before 2.1.17 lets remote attackers with a valid questionId approve or reject privileged actions (such as package installation) by submitting crafted approval response payloads. The handleApprovalsResponse function dispatches sensitive handlers without verifying the responder holds an owner/admin role, turning approval callbacks into an authorization bypass. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Identify NanoClaw approval bot
Delivery
Obtain valid pending questionId
Exploit
Submit crafted approval-response callback
Execution
handleApprovalsResponse dispatches without role check
Persist
Registered handler executes privileged action
Impact
Malicious package installed in agent container

Vulnerability AssessmentAI

Exploitation Attacker must be able to deliver an approval-response callback to NanoClaw's messaging integration (e.g. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N) scores 7.1 and accurately reflects a low-privilege, network-reachable authorization bypass with high integrity impact and no confidentiality or availability loss - consistent with an attacker hijacking approval semantics rather than reading data. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who learns or guesses a pending approval's questionId - for example, by observing an admin DM, intercepting a webhook, or replaying a leaked callback - submits a crafted approval response payload with value 'approve' and an arbitrary userId. The handler accepts it because role validation is missing, executing the privileged action such as installing attacker-chosen npm packages into the agent's container. …
Remediation Upgrade NanoClaw to 2.1.17 or later, which incorporates the upstream fix from commit 6227bd1a5b016fb1eb76411bb6681b4c924a51a0 (PR https://github.com/nanocoai/nanoclaw/pull/2478) that validates the responder's role against the permissions database before dispatching approval handlers. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: identify all NanoClaw instances and versions in your environment. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-56402 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy