4 matches found
CVE-2026-49139
Nanobot prior to version 0.2.1 contains a server-side request forgery vulnerability in the Microsoft Teams channel handler that allows remote attackers to exfiltrate Bot Framework bearer tokens by supplying a forged activity with an attacker-controlled serviceUrl value. Attackers can poison the...
PT-2026-36101
Name of the Vulnerable Software and Affected Versions nanobot affected versions not specified Description An issue exists where including the | character in a sender address allows an attacker to bypass the Channel allowlist. This bypass provides full access to the Agent Loop, exposing all tools,...
CVE-2026-33654
nanobot is a personal AI assistant. Prior to version 0.1.6, an indirect prompt injection vulnerability exists in the email channel processing module nanobot/channels/email.py, allowing a remote, unauthenticated attacker to execute arbitrary LLM instructions and subsequently, system tools without...
CVE-2026-33654
Summary of CVE-2026-33654 : nanobot (personal AI assistant) contains an indirect prompt injection vulnerability in the email channel processing module (nanobot/channels/email.py) prior to version 0.1.6. An unauthenticated remote attacker can send a malicious email to the bot’s monitored address, ...