CVE-2026-56402

Description

NanoClaw before 2.1.17 contains a privilege escalation vulnerability in the handleApprovalsResponse function that fails to verify responder role authorization. Attackers with a valid questionId can approve or reject privileged actions like package installation by submitting approval response payloads without proper role validation.

CVSS breakdown

CVSS 4.0

Attack Vector

Network

Attack Complexity

Low

Attack Requirements

None

Privileges Required

Low

User Interaction

None

Confidentiality (Vulnerable System)

None

Integrity (Vulnerable System)

High

Availability (Vulnerable System)

None

Confidentiality (Subsequent System)

None

Integrity (Subsequent System)

None

Availability (Subsequent System)

None

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

None

Affected products

nanocoai / nanoclaw0 – 2.1.17
nanocoai / nanoclaw2.1.17 – 2.1.17

References

PATCHhttps://github.com/nanocoai/nanoclaw/pull/2478
PATCHhttps://github.com/nanocoai/nanoclaw/commit/6227bd1a5b016fb1eb76411bb6681b4c924a51a0
VENDOR_ADVISORYhttps://www.vulncheck.com/advisories/nanoclaw-privilege-escalation-via-unverified-approval-response-handler