Plateforme
python
Composant
nanobot
Corrigé dans
0.1.5
CVE-2026-33654 describes an authentication bypass vulnerability in nanobot, a personal AI assistant. This flaw allows a remote, unauthenticated attacker to execute arbitrary LLM instructions and potentially system tools without any interaction from the bot owner. The vulnerability affects versions of nanobot prior to 0.1.6 and is addressed in version 0.1.6.
The core of this vulnerability lies in the email channel processing module. An attacker can craft a malicious email containing carefully designed prompts. When nanobot automatically polls, ingests, and processes this email, it treats the content as highly trusted input, completely bypassing channel isolation. This results in a zero-click attack, meaning the bot owner doesn't need to interact with the email for the malicious instructions to be executed. The attacker can then leverage the LLM to execute system tools, potentially gaining unauthorized access and control over the system where nanobot is running. The stealthy nature of this attack, combined with the lack of user interaction, makes it particularly concerning.
This vulnerability was publicly disclosed on 2026-03-27. No public proof-of-concept (PoC) code has been released at the time of writing, but the description details a clear attack vector. The vulnerability's zero-click nature and potential for system tool execution suggest a medium exploitation probability. It is not currently listed on CISA KEV.
Organizations and individuals using nanobot for automated tasks or sensitive data processing are at risk. Specifically, those relying on email channels for bot interaction and those running nanobot in environments with limited security controls are particularly vulnerable. Shared hosting environments where nanobot instances might share resources are also at increased risk.
• python / server:
import os
import subprocess
def check_nanobot_version():
try:
result = subprocess.run(['pip', 'show', 'nanobot'], capture_output=True, text=True, check=True)
version = result.stdout.split('Version: ')[1].split('\n')[0]
if version <= '0.1.4.post6':
print(f"Vulnerability detected: nanobot version {version} is vulnerable.")
else:
print(f"nanobot version {version} is patched.")
except FileNotFoundError:
print("nanobot is not installed.")
except Exception as e:
print(f"Error checking nanobot version: {e}")
check_nanobot_version()• generic web: Monitor email logs for unusual or unexpected LLM requests originating from external sources. • generic web: Review nanobot configuration files for any unusual permissions granted to the LLM.
disclosure
Statut de l'Exploit
EPSS
0.13% (percentile 32%)
CISA SSVC
The primary mitigation is to upgrade nanobot to version 0.1.6 or later, which contains the fix for this vulnerability. If upgrading immediately is not feasible, consider implementing stricter input validation and sanitization on the email channel. While not a complete solution, this can help reduce the risk of malicious prompts being processed. Additionally, review and restrict the permissions granted to the LLM within nanobot to limit the potential impact of successful prompt injection. Monitor email logs for unusual activity or patterns that might indicate an attempted exploit.
Actualice nanobot a la versión 0.1.6 o superior. Esta versión corrige la vulnerabilidad de inyección de prompt indirecta en el procesamiento de correos electrónicos. La actualización evitará que atacantes remotos ejecuten instrucciones LLM arbitrarias sin interacción del propietario del bot.
Analyses de vulnérabilités et alertes critiques directement dans votre boîte mail.
CVE-2026-33654 is an authentication bypass vulnerability in nanobot versions prior to 0.1.6, allowing unauthenticated attackers to execute arbitrary LLM instructions via crafted emails.
You are affected if you are using nanobot version 0.1.4.post6 or earlier. Upgrade to version 0.1.6 or later to mitigate the vulnerability.
Upgrade nanobot to version 0.1.6 or later. As a temporary workaround, implement stricter input validation and restrict LLM permissions.
While no active exploitation has been publicly confirmed, the vulnerability's zero-click nature and potential impact make it a high-priority concern.
Refer to the nanobot project's official website or GitHub repository for the latest security advisories and updates.
Téléverse ton fichier de dépendances et découvre instantanément si cette CVE et d'autres te touchent.
Téléverse ton fichier requirements.txt et nous te dirons instantanément si tu es affecté.