CVE-2026-7875

HIGH SEVERITY

CVSS Score & Metrics

Base Score

8.8 / 10

Vector String

                                        CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H                                    

Vulnerability Description

NanoClaw version 1.2.0 and prior contains a host/container filesystem boundary vulnerability in outbound attachment handling and outbox cleanup that allows a compromised or prompt-injected container to read files outside the intended outbox directory by supplying crafted messages_out.id and content.files values or creating symlinked outbox files. Attackers can exploit this vulnerability to trigger host-side reads of arbitrary files and in some cases achieve recursive deletion of paths outside the intended cleanup target.

Vulnerability Details

Published Date

May 06, 2026

Last Modified

May 07, 2026

CWE ID

CWE-22

Source

NVD

External References

https://github.com/qwibitai/nanoclaw/commit/7814e45570edf0024a1a5c2ba9fbc9cb3a49f7f7
https://github.com/qwibitai/nanoclaw/pull/2001

CVE-2026-7875

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment