Skip to main content

NanoClaw CVE-2026-56692

| EUVDEUVD-2026-38464 MEDIUM
Improper Link Resolution Before File Access (CWE-59)
2026-06-23 VulnCheck GHSA-6373-p7g2-mx2w
6.8
CVSS 4.0 · Vendor: VulnCheck
Share

Severity by source

Vendor (VulnCheck) PRIMARY
6.8 MEDIUM
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
6.5 MEDIUM

Local vector and low privileges required; scope change (S:C) because the agent escapes its outbox boundary to read host files; no integrity or availability impact applies.

3.1 AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (VulnCheck).

CVSS VectorVendor: VulnCheck

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

2
Source Code Evidence Fetched
Jun 23, 2026 - 16:03 vuln.today
Analysis Generated
Jun 23, 2026 - 16:03 vuln.today

DescriptionCVE.org

NanoClaw before 2.1.17 contains a symlink following vulnerability in forwardAttachedFiles that allows container-controlled agents to exfiltrate host-readable files. The host validates attachment filenames using only isSafeAttachmentName before copying with fs.copyFileSync, which follows symlinks without containment checks, allowing malicious agents to disclose arbitrary host files.

AnalysisAI

Symlink following in NanoClaw's agent-to-agent file forwarding exposes arbitrary host-readable files to container-controlled agents. All releases before 2.1.17 are affected; the forwardAttachedFiles function validated attachment filenames with isSafeAttachmentName but called fs.copyFileSync without first resolving symlinks or confirming the resolved path remained inside the agent's outbox directory. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Agent writes symlink with safe filename to outbox
Delivery
Symlink passes isSafeAttachmentName filename check
Exploit
Agent sends inter-agent message listing symlink as attachment
Execution
forwardAttachedFiles calls fs.copyFileSync, dereferencing symlink to host file
Persist
Host file contents written to destination agent inbox
Impact
Attacker reads exfiltrated host file from receiving agent

Vulnerability AssessmentAI

Exploitation Exploitation requires the attacker to control an agent process with write access to that agent's own outbox directory within a NanoClaw deployment (PR:L per CVSS 4.0 - low-privilege agent-level access). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment CVSS 4.0 scores this at 6.8 with AV:L/PR:L, accurately reflecting that exploitation is constrained to the local host and requires at minimum agent-process-level access - this is not a remotely exploitable, unauthenticated attack. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker controlling an agent process creates a file named `invoice.pdf` inside the agent's outbox directory that is actually a symlink to `/home/nanoclaw/.ssh/id_rsa` or `/etc/shadow`. The agent sends a message to another agent listing `invoice.pdf` as an attachment; NanoClaw's unpatched `forwardAttachedFiles` passes the filename check, calls `fs.copyFileSync` which follows the symlink, and delivers the host private key contents to the destination agent's inbox. …
Remediation Upgrade to NanoClaw 2.1.17 or later, which incorporates the symlink detection and path containment fix from PR #2468 (commit 28032bc0eca76c91fb3d8be0013e8bcaf2f5aeae); see https://github.com/nanocoai/nanoclaw/pull/2468. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-56692 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy