CVE-2026-33654

Name of the Vulnerable Software and Affected Versions nanobot versions prior to 0.1.6

Description An indirect prompt injection exists in the email channel processing module (nanobot/channels/email.py). This allows a remote, unauthenticated attacker to execute arbitrary Large Language Model (LLM) instructions and system tools without interaction from the bot owner. The issue occurs because the bot automatically polls and processes email content as highly trusted input, bypassing channel isolation. This results in a zero-click attack where a malicious email can poison the reasoning model, potentially leading to remote code execution (RCE) in downstream agents through trust propagation failure.

Recommendations Update to version 0.1.6. As a temporary workaround, restrict the use of the email channel processing module nanobot/channels/email.py to minimize the risk of exploitation.