8 matches found
CVE-2026-56694
NanoClaw before 2.1.0 contains a privilege escalation vulnerability in the channel-registration approval flow where handleChannelApprovalResponse fails to validate admin privileges over target agent groups. Scoped admins can submit forged or stale connect callback values to wire messaging channel...
CVE-2026-56693
NanoClaw before 2.1.17 contains a privilege escalation vulnerability in the createagent delivery-action handler that performs privileged central-database writes without host-side authorization checks. Confined agent containers can invoke createagent to create arbitrary agent groups, container...
CVE-2026-56694 NanoClaw < 2.1.0 - Privilege Escalation via Forged Channel Approval Callback
NanoClaw before 2.1.0 contains a privilege escalation vulnerability in the channel-registration approval flow where handleChannelApprovalResponse fails to validate admin privileges over target agent groups. Scoped admins can submit forged or stale connect callback values to wire messaging channel...
CVE-2026-56694
NanoClaw
EUVD-2026-38465
NanoClaw before 2.1.17 contains a privilege escalation vulnerability in the createagent delivery-action handler that performs privileged central-database writes without host-side authorization checks. Confined agent containers can invoke createagent to create arbitrary agent groups, container...
EUVD-2009-0591
Malware in sbrugna...
CVE-2009-0588
agent/request/op.cgi in the Registration Authority RA component in Red Hat Certificate System RHCS 7.3 and Dogtag Certificate System allows remote authenticated users to approve certificate requests queued for arbitrary agent groups via a modified request ID field...
rhpki-ra: improper authorization checks in Cerificate System's Registration Authority
agent/request/op.cgi in the Registration Authority RA component in Red Hat Certificate System RHCS 7.3 and Dogtag Certificate System allows remote authenticated users to approve certificate requests queued for arbitrary agent groups via a modified request ID field...