CVE-2026-7875

High

Published: 06 May 2026

Published

06 May 2026

Modified

06 May 2026

KEV Added

—

Patch

—

CVSS Score 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

EPSS Score N/A

Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Description

NanoClaw contains a host/container filesystem boundary vulnerability in outbound attachment handling and outbox cleanup that allows a compromised or prompt-injected container to read files outside the intended outbox directory by supplying crafted messages_out.id and content.files values or creating symlinked outbox…

files. Attackers can exploit this vulnerability to trigger host-side reads of arbitrary files and in some cases achieve recursive deletion of paths outside the intended cleanup target.

Likely Mitigating ControlsAI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

SI-10 Information Input Validation

addresses: CWE-22

Validates pathnames and filenames to prevent traversal outside intended directories.

Security SummaryAI

Automated synthesis unavailable for this CVE.

Details

CWE(s): CWE-22

References

https://github.com/qwibitai/nanoclaw/commit/7814e45570edf0024a1a5c2ba9fbc9cb3a49f7f7
disclosure@vulncheck.com
https://github.com/qwibitai/nanoclaw/pull/2001
disclosure@vulncheck.com