CVE-2026-56402

NanoClaw < 2.1.17 - Privilege Escalation via Unverified Approval Response Handler

CVSS 7.1 HIGH · CWE-862
In short

NanoClaw before version 2.1.17 allows attackers to approve or reject important actions like package installation without proper permission checks. An attacker with a valid question ID can trick the system into thinking they have authorization they don't actually have.

Technical detail

The handleApprovalsResponse function in NanoClaw < 2.1.17 fails to validate the responder's role before processing approval payloads, allowing privilege escalation. An attacker with knowledge of a valid questionId can submit crafted approval responses to execute privileged operations (e.g., package installation) without proper authorization checks.

Summary generated and translated by AI from the official description.

NanoClaw before 2.1.17 contains a privilege escalation vulnerability in the handleApprovalsResponse function that fails to verify responder role authorization. Attackers with a valid questionId can approve or reject privileged actions like package installation by submitting approval response payloads without proper role validation.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
Affected products
nanocoai · nanoclaw
