CVE-2026-56692

NanoClaw < 2.1.17 - Arbitrary File Read via Symlink Following in forwardAttachedFiles

CVSS 6.8 MEDIUMCWE-59

In short

NanoClaw versions before 2.1.17 have a flaw where malicious agents can trick the system into copying files by using symbolic links, potentially exposing sensitive files from the host system.

Technical detail

A symlink following vulnerability exists in the forwardAttachedFiles function where filename validation via isSafeAttachmentName is insufficient, permitting container-controlled agents to leverage fs.copyFileSync's symlink traversal to read arbitrary host-accessible files without proper path containment checks.

Summary generated and translated by AI from the official description.

NanoClaw before 2.1.17 contains a symlink following vulnerability in forwardAttachedFiles that allows container-controlled agents to exfiltrate host-readable files. The host validates attachment filenames using only isSafeAttachmentName before copying with fs.copyFileSync, which follows symlinks without containment checks, allowing malicious agents to disclose arbitrary host files.

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Affected products

nanocoai · nanoclaw

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/nanocoai/nanoclaw/commit/28032bc0eca76c91fb3d8be0013e8bcaf2f5aeae https://github.com/nanocoai/nanoclaw/pull/2468 https://www.vulncheck.com/advisories/nanoclaw-arbitrary-file-read-via-symlink-following-in-forwardattachedfiles