๐Ÿ” CVE Alert

CVE-2026-7875

HIGH 8.8

NanoClaw Host/Container Filesystem Boundary Vulnerability via Outbound Attachment Handling

CVSS Score: 8.8
EPSS Score: 0.0%
EPSS Percentile: 0th

NanoClaw contains a host/container filesystem boundary vulnerability in outbound attachment handling and outbox cleanup that allows a compromised or prompt-injected container to read files outside the intended outbox directory by supplying crafted messages_out.id and content.files values or creating symlinked outbox files. Attackers can exploit this vulnerability to trigger host-side reads of arbitrary files and in some cases achieve recursive deletion of paths outside the intended cleanup target.
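A host-side check for the boundary described above, written for this page as an added example and not taken from NanoClaw's code or its fix. The function names, the one-directory-per-message outbox layout and the id pattern are assumptions; the fixture is constructed.

```javascript
// Added example; function names and outbox layout are hypothetical, not NanoClaw's.
const fs = require('node:fs');
const os = require('node:os');
const path = require('node:path');
const SAFE_ID = /^[A-Za-z0-9_-]{1,64}$/; // assumed rule: id is one plain path component

// Return the real path of <outboxRoot>/<id>, refusing ids that traverse or symlink out.
function messageDir(outboxRoot, id) {
  if (typeof id !== 'string' || !SAFE_ID.test(id)) throw new Error('unsafe message id');
  const root = fs.realpathSync(outboxRoot);
  const dir = path.join(root, id);
  // lstat does not follow links, so a symlinked message directory is rejected here.
  if (!fs.lstatSync(dir).isDirectory()) throw new Error('message dir is not a directory');
  return dir;
}

// Resolve one content.files entry to a regular file directly inside the message dir.
function resolveAttachment(outboxRoot, id, name) {
  const dir = messageDir(outboxRoot, id);
  if (typeof name !== 'string' || !name || name === '.' || name === '..' ||
      name !== path.basename(name)) throw new Error('unsafe file name');
  const file = path.join(dir, name);
  if (!fs.lstatSync(file).isFile()) throw new Error('not a regular file'); // symlinks fail
  return file;
}

// Remove only the validated message directory; rmSync unlinks symlinks, never follows them.
function cleanupMessage(outboxRoot, id) {
  fs.rmSync(messageDir(outboxRoot, id), { recursive: true });
}

// Constructed fixture: an outbox with one honest file, one symlink, and a secret outside it.
function demo() {
  const base = fs.mkdtempSync(path.join(os.tmpdir(), 'outbox-demo-'));
  const outbox = path.join(base, 'outbox');
  fs.mkdirSync(path.join(outbox, 'msg1'), { recursive: true });
  fs.writeFileSync(path.join(base, 'secret.txt'), 'host secret');
  fs.writeFileSync(path.join(outbox, 'msg1', 'report.txt'), 'ok');
  fs.symlinkSync(path.join(base, 'secret.txt'), path.join(outbox, 'msg1', 'link.txt'));
  const rejected = (fn) => { try { fn(); return false; } catch { return true; } };
  const out = {
    okFile: path.basename(resolveAttachment(outbox, 'msg1', 'report.txt')),
    traversalId: rejected(() => cleanupMessage(outbox, '..')),
    traversalFile: rejected(() => resolveAttachment(outbox, 'msg1', '../../secret.txt')),
    symlink: rejected(() => resolveAttachment(outbox, 'msg1', 'link.txt')),
  };
  cleanupMessage(outbox, 'msg1');
  out.secretSurvives = fs.existsSync(path.join(base, 'secret.txt'));
  fs.rmSync(base, { recursive: true });
  return out;
}
```

The lstat check and the later read are separate steps, so a container that can still write to the outbox could swap the file in between; opening with `fs.constants.O_NOFOLLOW` and reading from that descriptor narrows the gap.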

CWE: CWE-22
Vendor: qwibit
Product: nanoclaw
Published: May 6, 2026

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed
Confidentiality: High
Integrity: High
Availability: High

Affected Versions

Qwibit / NanoClaw
7814e45

References

https://github.com/qwibitai/nanoclaw/pull/2001
https://github.com/qwibitai/nanoclaw/commit/7814e45570edf0024a1a5c2ba9fbc9cb3a49f7f7

Credits

Chia Min Jun Lennon