Description
NanoClaw before 2.1.17 contains a symlink following vulnerability in forwardAttachedFiles that allows container-controlled agents to exfiltrate host-readable files. The host validates attachment filenames using only isSafeAttachmentName before copying with fs.copyFileSync, which follows symlinks without containment checks, allowing malicious agents to disclose arbitrary host files.
Published: 2026-06-23
Score: 6.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

NanoClaw before version 2.1.17 contains a symlink following vulnerability in its forwardAttachedFiles function. The host validates attachment names only with isSafeAttachmentName before copying with fs.copyFileSync, which follows symlinks without checking containment. This flaw allows an attacker controlling a container to read arbitrary files on the host machine, exposing sensitive data.

Affected Systems

The affected product is NanoClaw from NanocoAI. Versions prior to 2.1.17 are vulnerable; any system running these releases is at risk.

Risk and Exploitability

The CVSS score of 6.8 indicates a moderate severity vulnerability. EPSS data is not available, and the vulnerability is not listed in CISA’s KEV catalog. Based on the description, the likely attack vector involves a malicious or compromised container executing the forwardAttachedFiles function, which can lead to disclosure of arbitrary host files. The lack of containment checks during symlink resolution makes this attack trivial for an attacker who can supply a crafted attachment name.

Generated by OpenCVE AI on June 24, 2026 at 11:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade NanoClaw to 2.1.17 or later to apply the fix for CWE-59, which removes the unchecked symlink following during file copying.
  • If upgrade is not possible, mitigate by disabling or restricting the forwardAttachedFiles function for untrusted or container-controlled agents, thereby limiting exploitation of the CWE-59 flaw.
  • Enforce stricter filesystem permissions, such as using read-only mounts or dedicated permission boundaries, to prevent a container from accessing host files that could be bound to the CWE-59 vulnerability.

Generated by OpenCVE AI on June 24, 2026 at 11:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 24 Jun 2026 16:15:00 +0000

Type Values Removed Values Added
First Time appeared Nanoco
Nanoco nanoclaw
Vendors & Products Nanoco
Nanoco nanoclaw

Wed, 24 Jun 2026 14:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 23 Jun 2026 15:45:00 +0000

Type Values Removed Values Added
Description NanoClaw before 2.1.17 contains a symlink following vulnerability in forwardAttachedFiles that allows container-controlled agents to exfiltrate host-readable files. The host validates attachment filenames using only isSafeAttachmentName before copying with fs.copyFileSync, which follows symlinks without containment checks, allowing malicious agents to disclose arbitrary host files.
Title NanoClaw < 2.1.17 - Arbitrary File Read via Symlink Following in forwardAttachedFiles
Weaknesses CWE-59
References
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}

cvssV4_0

{'score': 6.8, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-06-24T13:58:10.393Z

Reserved: 2026-06-22T17:09:16.555Z

Link: CVE-2026-56692

cve-icon Vulnrichment

Updated: 2026-06-24T13:58:04.786Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-24T16:00:06Z

Weaknesses
  • CWE-59

    Improper Link Resolution Before File Access ('Link Following')