Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2026-56692
PUBLISHED
More InfoOfficial Page
Assigner-VulnCheck
Assigner Org ID-83251b91-4cc7-4094-a5c7-464a1b83ea10
View Known Exploited Vulnerability (KEV) details
Published At-23 Jun, 2026 | 15:34
Updated At-23 Jun, 2026 | 15:34
Rejected At-
▼CVE Numbering Authority (CNA)
NanoClaw < 2.1.17 - Arbitrary File Read via Symlink Following in forwardAttachedFiles

NanoClaw before 2.1.17 contains a symlink following vulnerability in forwardAttachedFiles that allows container-controlled agents to exfiltrate host-readable files. The host validates attachment filenames using only isSafeAttachmentName before copying with fs.copyFileSync, which follows symlinks without containment checks, allowing malicious agents to disclose arbitrary host files.

Affected Products
Vendor
nanocoai
Product
nanoclaw
Repo
https://github.com/nanocoai/nanoclaw
Default Status
unaffected
Versions
Affected
  • From 0 before 2.1.17 (semver)
Unaffected
  • 2.1.17 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-59Improper Link Resolution Before File Access ('Link Following')
Type: CWE
CWE ID: CWE-59
Description: Improper Link Resolution Before File Access ('Link Following')
Metrics
VersionBase scoreBase severityVector
4.06.8MEDIUM
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
3.15.5MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Version: 4.0
Base score: 6.8
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Version: 3.1
Base score: 5.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Chia Min Jun Lennon
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/nanocoai/nanoclaw/pull/2468
issue-tracking
https://github.com/nanocoai/nanoclaw/commit/28032bc0eca76c91fb3d8be0013e8bcaf2f5aeae
patch
https://www.vulncheck.com/advisories/nanoclaw-arbitrary-file-read-via-symlink-following-in-forwardattachedfiles
third-party-advisory
Hyperlink: https://github.com/nanocoai/nanoclaw/pull/2468
Resource:
issue-tracking
Hyperlink: https://github.com/nanocoai/nanoclaw/commit/28032bc0eca76c91fb3d8be0013e8bcaf2f5aeae
Resource:
patch
Hyperlink: https://www.vulncheck.com/advisories/nanoclaw-arbitrary-file-read-via-symlink-following-in-forwardattachedfiles
Resource:
third-party-advisory
Details not found