CVE Catalog

CVE-2026-56694

MediumCVSS 5.4
Published: Updated: Translated: NVD NIST

Summary

NanoClaw before version 2.1.0 contains a privilege escalation vulnerability in the channel-registration approval flow where handleChannelApprovalResponse fails to validate admin privileges over target agent groups.

Risk Assessment

Scoped admins can submit forged or stale connect callback values, exposing unauthorized groups to unapproved channels and enabling unauthorized observation or control of restricted agent group activity.

Recommendation

It is recommended to update NanoClaw to version 2.1.0 or later and implement additional privilege verification mechanisms in the channel registration approval process.

Original NVD description (English source)

NanoClaw before 2.1.0 contains a privilege escalation vulnerability in the channel-registration approval flow where handleChannelApprovalResponse fails to validate admin privileges over target agent groups. Scoped admins can submit forged or stale connect callback values to wire messaging channels into out-of-scope agent groups, exposing unauthorized groups to unapproved channels and enabling unauthorized observation or control of restricted agent group activity.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS