LeakyCreds

CVE-2026-7875 - Vulnerability Analysis

High, CVSS: 8.8

Last Updated: May 6, 2026

NanoClaw - Path Traversal

Published: May 6, 2026
Updated: May 6, 2026

Overview

NanoClaw contains a path traversal vulnerability in outbound attachment handling and outbox cleanup. Crafted messages_out.id and content.files values, or symlinked outbox files, let a compromised container read or delete files outside the intended directories. Exploitation requires a compromised or prompt-injected container.
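
A host-side check for the two code paths named above (attachment reads and outbox cleanup), written as an added example; it is not NanoClaw's code or its fix. It assumes a hypothetical layout of one directory per message id under an outbox root, and the function names, the id pattern and the sample files are constructed for illustration.

```python
import os, re, shutil, tempfile
SAFE_ID = re.compile(r"[A-Za-z0-9_-]{1,64}")  # assumed id format, not taken from the page

def message_dir(outbox_root, message_id):
    """Map a message id to its directory; reject ids that are not plain names."""
    if not SAFE_ID.fullmatch(message_id):
        raise ValueError("message id is not a plain identifier")
    path = os.path.join(os.path.realpath(outbox_root), message_id)
    if os.path.islink(path):
        raise ValueError("message directory is a symlink")
    return path

def resolve_attachment(outbox_root, message_id, file_name):
    """Return the real path of one attachment, or raise ValueError."""
    if file_name in ("", ".", "..") or os.path.basename(file_name) != file_name:
        raise ValueError("file name must be a single path component")
    base = message_dir(outbox_root, message_id)
    candidate = os.path.join(base, file_name)
    real = os.path.realpath(candidate)
    # After resolving symlinks the file must still sit inside its message directory.
    if os.path.islink(candidate) or os.path.commonpath([base, real]) != base:
        raise ValueError("attachment resolves outside the message directory")
    return real

def cleanup_message(outbox_root, message_id):
    """Delete one message directory; rmtree unlinks inner symlinks without following them."""
    shutil.rmtree(message_dir(outbox_root, message_id))

def demo():
    """Constructed scenario: a file outside the outbox and four hostile inputs."""
    tmp = os.path.realpath(tempfile.mkdtemp())
    outbox, secret = os.path.join(tmp, "outbox"), os.path.join(tmp, "secret.txt")
    os.makedirs(os.path.join(outbox, "msg1"))
    open(secret, "w").close()
    open(os.path.join(outbox, "msg1", "report.txt"), "w").close()
    os.symlink(secret, os.path.join(outbox, "msg1", "link.txt"))  # symlinked outbox file
    os.symlink(tmp, os.path.join(outbox, "msg2"))                 # symlinked message dir
    rejected = []
    for mid, name in [("../..", "secret.txt"), ("msg1", "../../secret.txt"),
                      ("msg1", "link.txt"), ("msg2", "secret.txt")]:
        try:
            resolve_attachment(outbox, mid, name)
        except ValueError:
            rejected.append((mid, name))
    ok = resolve_attachment(outbox, "msg1", "report.txt")
    cleanup_message(outbox, "msg1")   # removes link.txt itself, not its target
    survived = os.path.exists(secret)
    shutil.rmtree(tmp)
    return rejected, os.path.basename(ok), survived
```

The check and the later file operation are separate steps, so a host that shares the outbox with a live container should also open files with O_NOFOLLOW or copy them out of the shared mount before use.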

Severity & Score

Severity: High
CVSS Score: 8.8

Impact

Attackers can read arbitrary files and recursively delete files outside intended directories, potentially leading to data loss and information disclosure.

Mitigation

Update to the latest NanoClaw version that includes the fix for this vulnerability.

Details

CVE ID: CVE-2026-7875
Severity: High
CVSS Score: 8.8
Type: path_traversal
Status: new

CWE

  • CWE-22

CVSS Metrics

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H