CVE-2026-56402

MEDIUM SEVERITY

CVSS Score & Metrics

Base Score

6.5 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N                                    

Vulnerability Description

NanoClaw before 2.1.17 contains a privilege escalation vulnerability in the handleApprovalsResponse function that fails to verify responder role authorization. Attackers with a valid questionId can approve or reject privileged actions like package installation by submitting approval response payloads without proper role validation.

Vulnerability Details

Published Date

June 23, 2026

Last Modified

June 23, 2026

CWE ID

CWE-862

Source

NVD

Vendor

nanocoai

Product

nanoclaw

External References

https://github.com/nanocoai/nanoclaw/commit/6227bd1a5b016fb1eb76411bb6681b4c924a51a0
https://github.com/nanocoai/nanoclaw/pull/2478
https://www.vulncheck.com/advisories/nanoclaw-privilege-escalation-via-unverified-approval-response-handler
https://github.com/nanocoai/nanoclaw/pull/2478

CVE-2026-56402

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment