CVE-2026-56692 | NanoClaw before 2.1.17 contains a symlink following vulnerab… | CVSS 5.5 MEDIUM

Description

NanoClaw before 2.1.17 contains a symlink following vulnerability in forwardAttachedFiles that allows container-controlled agents to exfiltrate host-readable files. The host validates attachment filenames using only isSafeAttachmentName before copying with fs.copyFileSync, which follows symlinks without containment checks, allowing malicious agents to disclose arbitrary host files.

Metadata

CVE ID: CVE-2026-56692
State: PUBLISHED
Assigner: VulnCheck
Reserved: 2026-06-22 17:09 UTC
Published: 2026-06-23 15:34 UTC
Last updated: 2026-06-23 15:34 UTC
Primary CWE: CWE-59
Improper Link Resolution Before File Access ('Link Following…
Vendor / Product: nanocoai / nanoclaw
Sources: cve.org · NVD

Severity & Metrics

5.5 MEDIUM CVSS 3.1

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected products (1)

Vendor	Product	Platform	Versions
nanocoai	nanoclaw	—	0 < 2.1.17, 2.1.17

Weakness (CWE)

CWE	Source	Description
CWE-59	cna	Improper Link Resolution Before File Access ('Link Following')

CVSS scores (2)

Score	Severity	Version	Source	Vector
6.8	MEDIUM	4.0	cna	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
5.5	MEDIUM	3.1	cna	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

References (3)