Description
NanoClaw before 2.1.17 contains a privilege escalation vulnerability in the handleApprovalsResponse function that fails to verify responder role authorization. Attackers with a valid questionId can approve or reject privileged actions like package installation by submitting approval response payloads without proper role validation.
Published: 2026-06-23
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

NanoClaw versions before 2.1.17 contain a flaw in the handleApprovalsResponse function that does not verify the role of the responder. This missing authorization check constitutes CWE-862 and allows an attacker, who can supply a valid questionId, to submit approval or rejection payloads for privileged operations such as installing packages without proper role validation. The result is privilege escalation, as an unauthorized user can elevate privileges and exercise control over privileged actions.

Affected Systems

The affected product is Nanocoai’s NanoClaw application, specifically any deployment running a version older than 2.1.17.

Risk and Exploitability

The CVSS score of 7.1 indicates a high severity, and the lack of an EPSS value does not preclude exploitation. The vulnerability is not listed in CISA’s KEV catalog, but an attacker can leverage the unverified approval endpoint—likely via the API—provided they have the capability to send crafted responses. The absence of role validation creates a direct privilege escalation path that can compromise the entire application if not remediated.

Generated by OpenCVE AI on June 24, 2026 at 11:53 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade NanoClaw to version 2.1.17 or newer to address the missing authorization check.
  • If an immediate upgrade is not feasible, restrict network access to the approval endpoint so that only authenticated administrators can send approval requests, using firewall rules or role‑based network segmentation.
  • Disable or temporarily suspend the approval handling feature until the patch is applied to prevent exploitation of the unverified approval flow.

Generated by OpenCVE AI on June 24, 2026 at 11:53 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 24 Jun 2026 16:15:00 +0000

Type Values Removed Values Added
First Time appeared Nanoco
Nanoco nanoclaw
Vendors & Products Nanoco
Nanoco nanoclaw

Tue, 23 Jun 2026 18:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 23 Jun 2026 15:45:00 +0000

Type Values Removed Values Added
Description NanoClaw before 2.1.17 contains a privilege escalation vulnerability in the handleApprovalsResponse function that fails to verify responder role authorization. Attackers with a valid questionId can approve or reject privileged actions like package installation by submitting approval response payloads without proper role validation.
Title NanoClaw < 2.1.17 - Privilege Escalation via Unverified Approval Response Handler
Weaknesses CWE-862
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N'}

cvssV4_0

{'score': 7.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-06-23T17:47:24.204Z

Reserved: 2026-06-21T12:37:58.435Z

Link: CVE-2026-56402

cve-icon Vulnrichment

Updated: 2026-06-23T17:47:12.738Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-24T16:00:06Z

Weaknesses