NanoClaw CVE-2026-7875

EUVD-2026-27873 | CRITICAL
Path Traversal (CWE-22)
2026-05-06 | VulnCheck | GHSA-42p7-cwm7-4cjg
CVSS 4.0 base score: 9.3

CVSS Vector (NVD)

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Safety (supplemental metric S): X (not defined)

Note that CVSS 4.0 has no Scope metric; the trailing S:X is the Safety supplemental metric, left undefined. The container-to-host escape is expressed instead through the Subsequent System metrics, which are all High here (SC:H/SI:H/SA:H), alongside High confidentiality, integrity and availability impact on the vulnerable system itself (VC:H/VI:H/VA:H).

Lifecycle Timeline (4 events)

- May 06, 2026 17:30 (vuln.today): Source Code Evidence Fetched
- May 06, 2026 17:30 (vuln.today): Analysis Generated
- May 06, 2026 17:22 (NVD): Severity changed, HIGH -> CRITICAL
- May 06, 2026 17:22 (NVD): CVSS changed, 8.8 (HIGH) -> 9.3 (CRITICAL)

Description (NVD)

NanoClaw contains a host/container filesystem boundary vulnerability in outbound attachment handling and outbox cleanup that allows a compromised or prompt-injected container to read files outside the intended outbox directory by supplying crafted messages_out.id and content.files values or creating symlinked outbox files. Attackers can exploit this vulnerability to trigger host-side reads of arbitrary files and in some cases achieve recursive deletion of paths outside the intended cleanup target.

Analysis (AI-generated)

Path traversal across NanoClaw's host/container filesystem boundary lets a compromised container or prompt-injected agent escape isolation and read arbitrary host files via crafted message IDs and attachment paths, with the further potential for recursive deletion of host directories during outbox cleanup. The root cause is insufficient validation of outbound attachment filenames and missing symlink resolution in the host-side message handling code. …


Remediation (AI-generated)

Within 24 hours: identify all systems running NanoClaw and confirm their current version; assess whether any container currently runs untrusted code or is exposed to prompt-injection vectors. Within 7 days: apply the vendor-released patch to all NanoClaw instances and validate the deployment across production and non-production environments. …



CVE-2026-7875 vulnerability details – vuln.today
