CVE-2026-56402
Deferred Deferred - Pending Action

Privilege Escalation in NanoClaw via Unauthorized Approval Handling

Vulnerability report for CVE-2026-56402, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-23

Last updated on: 2026-06-23

Assigner: VulnCheck

Description

NanoClaw before 2.1.17 contains a privilege escalation vulnerability in the handleApprovalsResponse function that fails to verify responder role authorization. Attackers with a valid questionId can approve or reject privileged actions like package installation by submitting approval response payloads without proper role validation.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-23
Last Modified
2026-06-23
Generated
2026-07-14
AI Q&A
2026-06-23
EPSS Evaluated
2026-07-12
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
nanoclaw nanoclaw to 2.1.17 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-56402 is a privilege escalation vulnerability in NanoClaw versions before 2.1.17. The issue occurs in the handleApprovalsResponse function, which fails to verify whether the user submitting an approval response has the proper authorization or role.

Attackers who have a valid questionId can exploit this flaw to approve or reject privileged actions, such as package installations, without having the necessary admin or owner privileges. This happens because the system trusts the approval ID without checking the responder's role, leading to unauthorized users manipulating approval workflows.

Impact Analysis

This vulnerability can allow unauthorized users to escalate their privileges by approving or rejecting sensitive actions that should be restricted to admins or owners.

  • Attackers can approve or reject privileged operations like package installations.
  • It compromises the integrity of the approval process, allowing unauthorized changes to system configurations or software.
  • This can lead to unauthorized software being installed or critical actions being blocked or manipulated.
Detection Guidance

This vulnerability involves unauthorized approval responses being accepted without proper role validation. Detection can focus on monitoring approval response payloads that are submitted with valid questionId values but originate from users lacking admin or owner privileges.

To detect exploitation attempts, you can look for unusual approval response activities in logs, especially approval actions performed by non-admin users.

Since the vulnerability is in the handleApprovalsResponse function, monitoring application logs for unauthorized approval attempts or suspicious approval response payloads is recommended.

Specific commands depend on your logging and monitoring setup, but examples include:

  • Searching application logs for approval responses submitted by non-admin users: e.g., `grep 'approval response' /var/log/nanoclaw.log | grep -v 'admin'`
  • Using network monitoring tools to capture and analyze approval response payloads for suspicious activity.
  • Implementing custom scripts to parse logs for approval actions linked to questionId values submitted by unauthorized users.
Mitigation Strategies

The primary mitigation is to upgrade NanoClaw to version 2.1.17 or later, where the vulnerability has been fixed by enforcing strict authorization checks on approval responses.

The fix requires that only users with owner, global admin, or admin roles for the approval's agent group can approve or reject privileged actions.

Until the upgrade is applied, consider restricting access to the approval response mechanism to trusted users only and monitoring for suspicious approval activities.

Additionally, review and audit approval workflows to ensure that no unauthorized approvals or rejections have occurred.

Compliance Impact

The vulnerability in NanoClaw allows unauthorized users to escalate privileges and approve or reject privileged actions without proper role validation. This flaw can lead to unauthorized changes in system configurations or installations, potentially compromising system integrity and security.

While the provided information does not explicitly mention compliance with standards like GDPR or HIPAA, such unauthorized privilege escalation could result in violations of these regulations by enabling unauthorized access or modification of sensitive data or system controls, thereby undermining data protection and security requirements.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-56402. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart