Description
NanoClaw contains a host/container filesystem boundary vulnerability in outbound attachment handling and outbox cleanup that allows a compromised or prompt-injected container to read files outside the intended outbox directory by supplying crafted messages_out.id and content.files values or creating symlinked outbox files. Attackers can exploit this vulnerability to trigger host-side reads of arbitrary files and in some cases achieve recursive deletion of paths outside the intended cleanup target.
Published: 2026-05-06
Score: 9.3 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

NanoClaw has a filesystem boundary flaw in its outbound attachment processing and outbox cleanup. By supplying specially crafted identifiers such as messages_out.id and content.files, or by creating symlinked files in the outbox, a compromised or prompt-injected container can cause the host process to read files outside the intended outbox directory. In certain circumstances the cleanup routine may also delete files or directories beyond the intended target, potentially removing critical host data. The weakness therefore compromises the confidentiality and integrity of host files, and can reduce availability if critical configuration files are removed.

Affected Systems

The vulnerability affects Qwibit’s NanoClaw product. No specific affected product versions are listed; all installations should be reviewed for exposure until a vendor patch is issued.

Risk and Exploitability

This vulnerability carries a CVSS score of 9.3, indicating critical severity. The EPSS score is not available, but the lack of prior exploitation or KEV listing suggests it may not yet be widely exploited. An attacker would need the ability to inject crafted attachment messages or to create symlinks within the outbox, so containers with file creation privileges in the outbox, or a compromise within the outbound attachment flow, are the realistic preconditions. The path traversal nature of the flaw (CWE‑22) makes exploitation straightforward once those preconditions are met.

Generated by OpenCVE AI on May 6, 2026 at 17:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update NanoClaw to the latest supported release that incorporates the path‑traversal fix; deploy the patch as soon as it becomes available.
  • If a vendor patch is not yet released, disable or lock the outbox feature so that outbound attachment processing and cleanup run in a read‑only mode, preventing symlink creation and limiting container write access to the host outbox directory.
  • Harden container isolation by ensuring that the container runtime grants no write or symlink privileges to the host outbox directory; consider moving the outbox to a separate mount namespace or sandboxing it with strict security profiles such as seccomp to block dangerous system calls.
  • Implement runtime monitoring of file access around the outbox directory to detect abnormal read or delete activity, and enforce strict input validation on attachment parameters to guard against path‑traversal attacks (CWE‑22).



Advisories

No advisories yet.

History

Thu, 07 May 2026 14:15:00 +0000

Type      Values Removed   Values Added
Metrics   (none)           ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 06 May 2026 16:45:00 +0000

Type         Values Removed   Values Added
Description  (none)           NanoClaw contains a host/container filesystem boundary vulnerability in outbound attachment handling and outbox cleanup that allows a compromised or prompt-injected container to read files outside the intended outbox directory by supplying crafted messages_out.id and content.files values or creating symlinked outbox files. Attackers can exploit this vulnerability to trigger host-side reads of arbitrary files and in some cases achieve recursive deletion of paths outside the intended cleanup target.
Title        (none)           NanoClaw Host/Container Filesystem Boundary Vulnerability via Outbound Attachment Handling
Weaknesses   (none)           CWE-22
References   (none)           (none)
Metrics      (none)           cvssV3_1: {'score': 8.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H'}
                              cvssV4_0: {'score': 9.3, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H'}



MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-05-07T13:46:53.748Z

Reserved: 2026-05-05T14:27:47.935Z

Link: CVE-2026-7875

Vulnrichment

Updated: 2026-05-07T13:46:49.926Z

NVD

Status: Received

Published: 2026-05-06T17:16:24.250

Modified: 2026-05-06T17:16:24.250

Link: CVE-2026-7875

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-06T18:00:12Z

Weaknesses