Description
NanoClaw before 2.1.0 contains a privilege escalation vulnerability in the channel-registration approval flow where handleChannelApprovalResponse fails to validate admin privileges over target agent groups. Scoped admins can submit forged or stale connect callback values to wire messaging channels into out-of-scope agent groups, exposing unauthorized groups to unapproved channels and enabling unauthorized observation or control of restricted agent group activity.
Published: 2026-06-23
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

NanoClaw software before version 2.1.0 allows a flaw in the channel‑registration approval workflow that does not enforce proper admin‑level authentication when handling approval responses. By sending forged or outdated connect‑callback messages, a user with scoped‑admin privileges can register channels for agent groups that are normally out of scope. This enables the attacker to view or control activity in restricted agent groups, effectively granting elevated privileges within the NanoClaw environment. The likely attack vector is that an authenticated scoped‑admin user submits forged or stale connect‑callback requests; this inference follows from the requirement that the attacker must already hold scoped‑admin rights to exploit the flaw.

Affected Systems

The vulnerability affects NanoCoAI’s NanoClaw product for all versions earlier than 2.1.0. No additional product or version qualifiers are listed; the issue is present in any pre‑2.1.0 release. Based on the description, the vulnerability applies to any NanoClaw instance running a pre‑2.1.0 version.

Risk and Exploitability

The CVSS score of 5.3 indicates a moderate severity, and the EPSS score is not available. The vulnerability is not listed in CISA’s KEV catalog. Exploitation requires the attacker to obtain at least scoped‑admin rights on the NanoClaw instance and forge or replay a connect‑callback message. Once the callback is accepted, the attacker can create or manipulate channels that reference agent groups outside their administrative scope, leading to unauthorized observation or control of those groups. Based on the description, the likely attack vector involves an internal network or a privileged user session with scoped‑admin access, rather than a public‑facing exploit.

Generated by OpenCVE AI on June 24, 2026 at 11:53 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade NanoClaw to version 2.1.0 or later, which includes a fix that addresses the privilege validation flaw identified as CWE‑863.
  • Implement additional privilege checks for channel‑approval callbacks to enforce the rules defined in CWE‑863, ensuring that only fully‑privileged administrators can invoke these callbacks.
  • Enable comprehensive logging for all channel registration and approval events, and monitor for anomalous or forged callback traffic that may indicate attempts to exploit CWE‑863.

Generated by OpenCVE AI on June 24, 2026 at 11:53 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 24 Jun 2026 16:15:00 +0000

Type Values Removed Values Added
First Time appeared Nanoco
Nanoco nanoclaw
Vendors & Products Nanoco
Nanoco nanoclaw

Tue, 23 Jun 2026 17:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 23 Jun 2026 15:45:00 +0000

Type Values Removed Values Added
Description NanoClaw before 2.1.0 contains a privilege escalation vulnerability in the channel-registration approval flow where handleChannelApprovalResponse fails to validate admin privileges over target agent groups. Scoped admins can submit forged or stale connect callback values to wire messaging channels into out-of-scope agent groups, exposing unauthorized groups to unapproved channels and enabling unauthorized observation or control of restricted agent group activity.
Title NanoClaw < 2.1.0 - Privilege Escalation via Forged Channel Approval Callback
Weaknesses CWE-863
References
Metrics cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N'}

cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-06-23T17:03:21.332Z

Reserved: 2026-06-22T17:09:16.555Z

Link: CVE-2026-56694

cve-icon Vulnrichment

Updated: 2026-06-23T16:53:44.816Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-24T16:00:06Z

Weaknesses