CVE-2026-56402
MediumCVSS 6.5Summary
NanoClaw before 2.1.17 contains a privilege escalation vulnerability in the handleApprovalsResponse function that fails to verify responder role authorization. Attackers with a valid questionId can approve or reject privileged actions like package installation by submitting approval response payloads without proper role validation.
Risk Assessment
This vulnerability may lead to unauthorized execution of privileged actions within the system, posing a serious security threat to the organization.
Recommendation
It is recommended to update NanoClaw to version 2.1.17 or later to mitigate this vulnerability and implement additional authorization verification mechanisms.
Original NVD description (English source)
NanoClaw before 2.1.17 contains a privilege escalation vulnerability in the handleApprovalsResponse function that fails to verify responder role authorization. Attackers with a valid questionId can approve or reject privileged actions like package installation by submitting approval response payloads without proper role validation.

