Impact
NanoClaw versions before 2.1.17 contain a flaw in the handleApprovalsResponse function that does not verify the role of the responder. This missing authorization check constitutes CWE-862 and allows an attacker, who can supply a valid questionId, to submit approval or rejection payloads for privileged operations such as installing packages without proper role validation. The result is privilege escalation, as an unauthorized user can elevate privileges and exercise control over privileged actions.
Affected Systems
The affected product is Nanocoai’s NanoClaw application, specifically any deployment running a version older than 2.1.17.
Risk and Exploitability
The CVSS score of 7.1 indicates a high severity, and the lack of an EPSS value does not preclude exploitation. The vulnerability is not listed in CISA’s KEV catalog, but an attacker can leverage the unverified approval endpoint—likely via the API—provided they have the capability to send crafted responses. The absence of role validation creates a direct privilege escalation path that can compromise the entire application if not remediated.
OpenCVE Enrichment