CVE Catalog

CVE-2026-56693

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Summary

NanoClaw before version 2.1.17 contains a privilege escalation vulnerability in the create_agent delivery-action handler that performs privileged central-database writes without host-side authorization checks. Confined agent containers can invoke create_agent to create arbitrary agent groups, container configurations, and destinations, escalating beyond their intended confinement boundary.

Risk Assessment

This vulnerability may lead to unauthorized access to system resources, posing a serious security threat to the organization. Privilege escalation could allow attackers to manipulate data or take control of the system.

Recommendation

It is recommended to update NanoClaw to version 2.1.17 or later to mitigate this vulnerability. Additionally, conducting an audit of container configurations to ensure they do not have excessive privileges is advisable.

Original NVD description (English source)

NanoClaw before 2.1.17 contains a privilege escalation vulnerability in the create_agent delivery-action handler that performs privileged central-database writes without host-side authorization checks. Confined agent containers can invoke create_agent to create arbitrary agent groups, container configurations, and destinations, escalating beyond their intended confinement boundary.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS