Description
NanoClaw before 2.1.17 contains a privilege escalation vulnerability in the create_agent delivery-action handler that performs privileged central-database writes without host-side authorization checks. Confined agent containers can invoke create_agent to create arbitrary agent groups, container configurations, and destinations, escalating beyond their intended confinement boundary.
Published: 2026-06-23
Score: 6.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

NanoClaw versions prior to 2.1.17 expose a privilege escalation flaw in the create_agent delivery‑action handler, which writes directly to the central database without performing host‑side authorization checks. The vulnerability allows an unprivileged or confined agent container to create arbitrary agent groups, container configurations, and destination definitions, effectively breaking confinement boundaries and granting the attacker elevated rights over the system. The weakness is classified as CWE‑602, indicating insufficient checks for privileged actions.

Affected Systems

The affected vendor is Nanocoai and the impacted product is NanoClaw. Any installation of NanoClaw older than version 2.1.17 is susceptible, regardless of the particular deployment environment or configuration settings.

Risk and Exploitability

The CVSS score of 6.8 reflects a moderate severity vulnerability. No EPSS data is available and the issue is not listed in the CISA KEV catalog. Based on the description, the most likely attack vector is through an existing confined agent container; an adversary who can control or manipulate such a container can invoke create_agent, causing unauthorized database writes and gaining elevated privileges across the system cluster. The missing host‑side authorization substantially lowers the effort required for exploitation, so the risk of successful attacks grows as confined agents become more widely deployed.

Generated by OpenCVE AI on June 24, 2026 at 11:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade NanoClaw to version 2.1.17 or later to eliminate the missing authorization checks.
  • If upgrading is not possible, reconfigure confined agents or the host environment to deny the create_agent action and enforce explicit host‑side checks for privileged database operations.
  • Enable comprehensive audit logging for create_agent calls and monitor logs for any unauthorized or anomalous activity.

Generated by OpenCVE AI on June 24, 2026 at 11:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 24 Jun 2026 16:15:00 +0000

Type Values Removed Values Added
First Time appeared Nanoco
Nanoco nanoclaw
Vendors & Products Nanoco
Nanoco nanoclaw

Tue, 23 Jun 2026 16:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 23 Jun 2026 15:45:00 +0000

Type Values Removed Values Added
Description NanoClaw before 2.1.17 contains a privilege escalation vulnerability in the create_agent delivery-action handler that performs privileged central-database writes without host-side authorization checks. Confined agent containers can invoke create_agent to create arbitrary agent groups, container configurations, and destinations, escalating beyond their intended confinement boundary.
Title NanoClaw < 2.1.17 - Privilege Escalation via Unauthorized create_agent System Action
Weaknesses CWE-602
References
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N'}

cvssV4_0

{'score': 6.8, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-06-23T15:48:39.689Z

Reserved: 2026-06-22T17:09:16.555Z

Link: CVE-2026-56693

cve-icon Vulnrichment

Updated: 2026-06-23T15:48:24.791Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-24T16:00:06Z

Weaknesses
  • CWE-602

    Client-Side Enforcement of Server-Side Security