CVE-2026-7875
NanoClaw contains a host/container filesystem boundary vulnerability in outbound attachment handling and outbox cleanup that allows a compromised or prompt-injected container to read files outside the intended outbox directory by supplying crafted messages_out.id and content.files values or creating symlinked outbox files. Attackers can exploit this vulnerability to trigger host-side reads of arbitrary files and in some cases achieve recursive deletion of paths outside the intended cleanup target.
View on NVDAnalysis
NanoClaw appears to be a specialized framework for AI agent sandboxing rather than a core development tool or widely deployed infrastructure. While the host-to-container boundary breach is a high-severity issue, the tool's deployment scale among general web and mobile developers in Mexico is likely very low.
Severity
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HCWE-22EPSS
No EPSS score yet (CVE may be too fresh).
Technical description
NanoClaw contains a host/container filesystem boundary vulnerability in outbound attachment handling and outbox cleanup that allows a compromised or prompt-injected container to read files outside the intended outbox directory by supplying crafted messages_out.id and content.files values or creating symlinked outbox files. Attackers can exploit this vulnerability to trigger host-side reads of arbitrary files and in some cases achieve recursive deletion of paths outside the intended cleanup target.