CVE-2026-7875

Name of the Vulnerable Software and Affected Versions NanoClaw (affected versions not specified)

Description A host/container filesystem boundary issue exists in outbound attachment handling and outbox cleanup. A compromised or prompt-injected container can read files outside the intended outbox directory by providing crafted messages out.id and content.files values or by creating symlinked outbox files. This can lead to host-side reads of arbitrary files and, in certain instances, recursive deletion of paths outside the intended cleanup target.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.