CVE Catalog

CVE-2026-56402

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Summary

NanoClaw before 2.1.17 contains a privilege escalation vulnerability in the handleApprovalsResponse function that fails to verify responder role authorization. Attackers with a valid questionId can approve or reject privileged actions like package installation by submitting approval response payloads without proper role validation.

Risk Assessment

This vulnerability may lead to unauthorized execution of privileged actions within the system, posing a serious security threat to the organization.

Recommendation

It is recommended to update NanoClaw to version 2.1.17 or later to mitigate this vulnerability and implement additional authorization verification mechanisms.

Original NVD description (English source)

NanoClaw before 2.1.17 contains a privilege escalation vulnerability in the handleApprovalsResponse function that fails to verify responder role authorization. Attackers with a valid questionId can approve or reject privileged actions like package installation by submitting approval response payloads without proper role validation.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS