Impact
NanoClaw before version 2.1.17 contains a symlink following vulnerability in its forwardAttachedFiles function. The host validates attachment names only with isSafeAttachmentName before copying with fs.copyFileSync, which follows symlinks without checking containment. This flaw allows an attacker controlling a container to read arbitrary files on the host machine, exposing sensitive data.
Affected Systems
The affected product is NanoClaw from NanocoAI. Versions prior to 2.1.17 are vulnerable; any system running these releases is at risk.
Risk and Exploitability
The CVSS score of 6.8 indicates a moderate severity vulnerability. EPSS data is not available, and the vulnerability is not listed in CISA’s KEV catalog. Based on the description, the likely attack vector involves a malicious or compromised container executing the forwardAttachedFiles function, which can lead to disclosure of arbitrary host files. The lack of containment checks during symlink resolution makes this attack trivial for an attacker who can supply a crafted attachment name.
OpenCVE Enrichment