Home

Description

NanoClaw before 2.1.17 contains a symlink following vulnerability in forwardAttachedFiles that allows container-controlled agents to exfiltrate host-readable files. The host validates attachment filenames using only isSafeAttachmentName before copying with fs.copyFileSync, which follows symlinks without containment checks, allowing malicious agents to disclose arbitrary host files.

PUBLISHED Reserved 2026-06-22 | Published 2026-06-23 | Updated 2026-06-24 | Assigner VulnCheck




MEDIUM: 6.8CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

MEDIUM: 5.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Problem types

Improper Link Resolution Before File Access ('Link Following')

Product status

Default status
unaffected

Any version before 2.1.17
affected

2.1.17 (semver)
unaffected

Credits

Chia Min Jun Lennon finder

References

github.com/nanocoai/nanoclaw/pull/2468 (Pull Request) issue-tracking

github.com/...ommit/28032bc0eca76c91fb3d8be0013e8bcaf2f5aeae (Patch Commit) patch

www.vulncheck.com/...mlink-following-in-forwardattachedfiles third-party-advisory

cve.org (CVE-2026-56692)

nvd.nist.gov (CVE-2026-56692)

Download JSON