CVE-2026-56694
Status: Received (Intake)
Privilege Escalation in NanoClaw via Channel Approval Bypass

Publication date: 2026-06-23

Last updated on: 2026-06-23

Assigner: VulnCheck

Description
NanoClaw before 2.1.0 contains a privilege escalation vulnerability in the channel-registration approval flow where handleChannelApprovalResponse fails to validate admin privileges over target agent groups. Scoped admins can submit forged or stale connect callback values to wire messaging channels into out-of-scope agent groups, exposing unauthorized groups to unapproved channels and enabling unauthorized observation or control of restricted agent group activity.
Meta Information
Published: 2026-06-23
Last Modified: 2026-06-23
Generated: 2026-06-23
AI Q&A: 2026-06-23
EPSS Evaluated: N/A
Affected Vendors & Products (1 associated CPE)
Vendor: nanoclaw
Product: nanoclaw
Version / Range: up to 2.1.0 (excluding 2.1.0)
CWE
CWE-863 (Incorrect Authorization): The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.
Executive Summary

CVE-2026-56694 is a privilege escalation vulnerability in NanoClaw versions before 2.1.0. It occurs in the channel-registration approval flow, where the function handleChannelApprovalResponse fails to verify that the approving administrator actually holds admin privileges over the target agent groups.

This flaw allows scoped administrators to submit forged or outdated connect callback values, which can wire messaging channels into agent groups outside their authorized scope. As a result, unauthorized agent groups can be exposed to unapproved channels, enabling unauthorized observation or control of restricted agent group activities.

Impact Analysis

This vulnerability can lead to unauthorized access and control over agent groups that a scoped administrator should not have access to. Specifically, it allows an attacker with scoped admin privileges to connect messaging channels to out-of-scope agent groups.

The impact includes potential unauthorized observation and influence over restricted agent group activities, which compromises the confidentiality and integrity of those groups. This could lead to sensitive information exposure or unauthorized manipulation of group communications.

Detection Guidance

This vulnerability involves scoped administrators submitting forged or stale connect callback values to wire messaging channels into unauthorized agent groups. Detection would involve monitoring for unusual or unauthorized channel registration approval activities, especially those where scoped admins connect channels to agent groups outside their authorized scope.

Since the vulnerability stems from a missing authorization check in the handleChannelApprovalResponse function, detection could focus on auditing logs or events for channel registration approvals whose target agent group lies outside the approving admin's scope, or whose connect callback refers to a request that is no longer pending.

Specific commands are not provided in the available resources or CVE description.

Mitigation Strategies

The immediate mitigation step is to upgrade NanoClaw to version 2.1.0 or later, where the vulnerability has been fixed.

The fix ensures that scoped administrators can only connect channels to agent groups they have explicit admin privileges for by filtering approval options and verifying authorization during the approval response handling.

Until the upgrade is applied, restrict scoped admin privileges where possible and monitor channel registration approvals closely to detect any unauthorized activity.
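The following is an added example, not NanoClaw's own code, that models the two-part fix described above (filtering approval options to the admin's own groups, and re-verifying authorization when the approval response arrives) together with the audit trail the detection guidance suggests. The data model, class and function names (ChannelApprovalService, Admin, Registration, ConnectCallback, the audit outcomes) are assumptions made for illustration, and the sample registrations and admin are constructed.

```typescript
// Added example (not NanoClaw's code): server-side re-verification of a
// channel approval response, on a hypothetical data model. All names assumed.

type AgentGroupId = string;

interface Admin {
  id: string;
  // Agent groups this scoped admin is allowed to administer (assumed model).
  adminOf: ReadonlySet<AgentGroupId>;
}

interface Registration {
  requestId: string;
  channelId: string;
  status: "pending" | "approved";
}

// The "connect" callback value returned with the approval response.
// It is client-supplied, so it must be treated as untrusted input.
interface ConnectCallback {
  requestId: string;
  targetGroup: AgentGroupId;
}

interface Binding {
  channelId: string;
  groupId: AgentGroupId;
}

interface AuditEvent {
  adminId: string;
  requestId: string;
  targetGroup: AgentGroupId;
  outcome: "approved" | "denied-scope" | "denied-stale" | "denied-unknown";
}

class ChannelApprovalService {
  private readonly bindings: Binding[] = [];
  // Audit trail: the signal to alert on (any "denied-*" outcome).
  readonly audit: AuditEvent[] = [];

  constructor(
    private readonly registrations: Map<string, Registration>,
    private readonly allGroups: readonly AgentGroupId[],
  ) {}

  // First half of the fix: only offer groups the admin actually administers.
  approvalOptions(admin: Admin): AgentGroupId[] {
    return this.allGroups.filter((g) => admin.adminOf.has(g));
  }

  // CWE-863 shape: the callback's target group is trusted as-is, so a forged
  // or stale value wires the channel into any group.
  handleChannelApprovalResponseUnchecked(admin: Admin, cb: ConnectCallback): Binding {
    const reg = this.registrations.get(cb.requestId);
    if (!reg) throw new Error("unknown request");
    return this.bind(admin, reg, cb.targetGroup);
  }

  // Second half of the fix: re-verify at response time; the filtered UI
  // options alone are not an authorization control.
  handleChannelApprovalResponse(admin: Admin, cb: ConnectCallback): Binding {
    const reg = this.registrations.get(cb.requestId);
    if (!reg) {
      this.record(admin, cb, "denied-unknown");
      throw new Error("unknown request");
    }
    if (reg.status !== "pending") {
      // A replayed or stale callback must not re-wire a handled request.
      this.record(admin, cb, "denied-stale");
      throw new Error("request is no longer pending");
    }
    if (!admin.adminOf.has(cb.targetGroup)) {
      this.record(admin, cb, "denied-scope");
      throw new Error("admin lacks privileges over target group");
    }
    return this.bind(admin, reg, cb.targetGroup);
  }

  currentBindings(): Binding[] {
    return [...this.bindings];
  }

  private bind(admin: Admin, reg: Registration, groupId: AgentGroupId): Binding {
    reg.status = "approved";
    const binding: Binding = { channelId: reg.channelId, groupId };
    this.bindings.push(binding);
    this.record(admin, { requestId: reg.requestId, targetGroup: groupId }, "approved");
    return binding;
  }

  private record(admin: Admin, cb: ConnectCallback, outcome: AuditEvent["outcome"]): void {
    this.audit.push({ adminId: admin.id, requestId: cb.requestId, targetGroup: cb.targetGroup, outcome });
  }
}

// Constructed sample data so the example runs stand-alone.
function buildSampleService(): ChannelApprovalService {
  const registrations = new Map<string, Registration>([
    ["req-1", { requestId: "req-1", channelId: "chan-A", status: "pending" }],
    ["req-2", { requestId: "req-2", channelId: "chan-B", status: "pending" }],
  ]);
  return new ChannelApprovalService(registrations, ["grp-sales", "grp-finance"]);
}

// Constructed scoped admin who administers only grp-sales.
const scopedAdmin: Admin = { id: "admin-7", adminOf: new Set(["grp-sales"]) };
```

The point of the split is that approvalOptions only shapes what the admin is shown; handleChannelApprovalResponse is where the decision is enforced, because the callback value can be edited or replayed regardless of what the UI offered. The "denied-scope" and "denied-stale" audit outcomes are the events worth forwarding to a SIEM while the upgrade is pending.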

Compliance Impact

The vulnerability allows scoped administrators to bypass authorization controls and connect messaging channels to unauthorized agent groups. This unauthorized access can lead to exposure or control of restricted agent group activities, potentially compromising confidentiality and integrity of sensitive information.

Such unauthorized access and potential data exposure could negatively impact compliance with common standards and regulations like GDPR and HIPAA, which require strict access controls and protection of sensitive data.
