Loading market data...
← Back to CVE feed

CVE-2026-56694

MEDIUM CVSS 5.4 View on NVD ↗

Description

NanoClaw before 2.1.0 contains a privilege escalation vulnerability in the channel-registration approval flow where handleChannelApprovalResponse fails to validate admin privileges over target agent groups. Scoped admins can submit forged or stale connect callback values to wire messaging channels into out-of-scope agent groups, exposing unauthorized groups to unapproved channels and enabling unauthorized observation or control of restricted agent group activity.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Published: Jun 23, 2026 16:17 UTC Modified: Jun 23, 2026 18:18 UTC