Impact
NanoClaw versions prior to 2.1.17 expose a privilege escalation flaw in the create_agent delivery‑action handler, which writes directly to the central database without performing host‑side authorization checks. The vulnerability allows an unprivileged or confined agent container to create arbitrary agent groups, container configurations, and destination definitions, effectively breaking confinement boundaries and granting the attacker elevated rights over the system. The weakness is classified as CWE‑602, indicating insufficient checks for privileged actions.
Affected Systems
The affected vendor is Nanocoai and the impacted product is NanoClaw. Any installation of NanoClaw older than version 2.1.17 is susceptible, regardless of the particular deployment environment or configuration settings.
Risk and Exploitability
The CVSS score of 6.8 reflects a moderate severity vulnerability. No EPSS data is available and the issue is not listed in the CISA KEV catalog. Based on the description, the most likely attack vector is through an existing confined agent container; an adversary who can control or manipulate such a container can invoke create_agent, causing unauthorized database writes and gaining elevated privileges across the system cluster. The missing host‑side authorization substantially lowers the effort required for exploitation, so the risk of successful attacks grows as confined agents become more widely deployed.
OpenCVE Enrichment