Description
NanoClaw before 2.1.17 contains a symlink following vulnerability in forwardAttachedFiles that allows container-controlled agents to exfiltrate host-readable files. The host validates attachment filenames using only isSafeAttachmentName before copying with fs.copyFileSync, which follows symlinks without containment checks, allowing malicious agents to disclose arbitrary host files.
Problem types
Improper Link Resolution Before File Access ('Link Following')
Product status
Any version before 2.1.17
2.1.17 (semver)
Credits
Chia Min Jun Lennon
References
github.com/nanocoai/nanoclaw/pull/2468 (Pull Request)
github.com/...ommit/28032bc0eca76c91fb3d8be0013e8bcaf2f5aeae (Patch Commit)
www.vulncheck.com/...mlink-following-in-forwardattachedfiles