Lucene search
K

4 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/01 7:50 p.m.10 views

CVE-2026-49139

Nanobot prior to version 0.2.1 contains a server-side request forgery vulnerability in the Microsoft Teams channel handler that allows remote attackers to exfiltrate Bot Framework bearer tokens by supplying a forged activity with an attacker-controlled serviceUrl value. Attackers can poison the...

7CVSS5.8AI score0.00382EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/30 12:0 a.m.9 views

PT-2026-36101

Name of the Vulnerable Software and Affected Versions nanobot affected versions not specified Description An issue exists where including the | character in a sender address allows an attacker to bypass the Channel allowlist. This bypass provides full access to the Agent Loop, exposing all tools,...

5.2AI score0.00069EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/03/28 11:9 p.m.4 views

CVE-2026-33654

nanobot is a personal AI assistant. Prior to version 0.1.6, an indirect prompt injection vulnerability exists in the email channel processing module nanobot/channels/email.py, allowing a remote, unauthenticated attacker to execute arbitrary LLM instructions and subsequently, system tools without...

9.3CVSS6.1AI score0.00489EPSS
Exploits1References1
CVE
CVE
added 2026/03/27 7:43 p.m.17 views

CVE-2026-33654

Summary of CVE-2026-33654 : nanobot (personal AI assistant) contains an indirect prompt injection vulnerability in the email channel processing module (nanobot/channels/email.py) prior to version 0.1.6. An unauthenticated remote attacker can send a malicious email to the bot’s monitored address, ...

9.8CVSS6.1AI score0.00489EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder