Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

nanoclaw

Source -

CNA

CNA CVEs -

4

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated VendorsRelated AssignersReports
4Vulnerabilities found
CVE-2026-56694
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-5.3||MEDIUM
EPSS-Not Assigned
Published-23 Jun, 2026 | 15:35
Updated-23 Jun, 2026 | 18:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NanoClaw < 2.1.0 - Privilege Escalation via Forged Channel Approval Callback

NanoClaw before 2.1.0 contains a privilege escalation vulnerability in the channel-registration approval flow where handleChannelApprovalResponse fails to validate admin privileges over target agent groups. Scoped admins can submit forged or stale connect callback values to wire messaging channels into out-of-scope agent groups, exposing unauthorized groups to unapproved channels and enabling unauthorized observation or control of restricted agent group activity.

Action-Not Available
Vendor-nanocoai
Product-nanoclaw
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-56693
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-6.8||MEDIUM
EPSS-Not Assigned
Published-23 Jun, 2026 | 15:35
Updated-23 Jun, 2026 | 17:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NanoClaw < 2.1.17 - Privilege Escalation via Unauthorized create_agent System Action

NanoClaw before 2.1.17 contains a privilege escalation vulnerability in the create_agent delivery-action handler that performs privileged central-database writes without host-side authorization checks. Confined agent containers can invoke create_agent to create arbitrary agent groups, container configurations, and destinations, escalating beyond their intended confinement boundary.

Action-Not Available
Vendor-nanocoai
Product-nanoclaw
CWE ID-CWE-602
Client-Side Enforcement of Server-Side Security
CVE-2026-56692
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-6.8||MEDIUM
EPSS-Not Assigned
Published-23 Jun, 2026 | 15:34
Updated-23 Jun, 2026 | 17:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NanoClaw < 2.1.17 - Arbitrary File Read via Symlink Following in forwardAttachedFiles

NanoClaw before 2.1.17 contains a symlink following vulnerability in forwardAttachedFiles that allows container-controlled agents to exfiltrate host-readable files. The host validates attachment filenames using only isSafeAttachmentName before copying with fs.copyFileSync, which follows symlinks without containment checks, allowing malicious agents to disclose arbitrary host files.

Action-Not Available
Vendor-nanocoai
Product-nanoclaw
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2026-56402
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-7.1||HIGH
EPSS-Not Assigned
Published-23 Jun, 2026 | 15:34
Updated-23 Jun, 2026 | 18:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NanoClaw < 2.1.17 - Privilege Escalation via Unverified Approval Response Handler

NanoClaw before 2.1.17 contains a privilege escalation vulnerability in the handleApprovalsResponse function that fails to verify responder role authorization. Attackers with a valid questionId can approve or reject privileged actions like package installation by submitting approval response payloads without proper role validation.

Action-Not Available
Vendor-nanocoai
Product-nanoclaw
CWE ID-CWE-862
Missing Authorization