CVE-2026-33654

HIGH EPSS 38.4%

Published Mar 27, 20263mo ago · Modified Jun 17, 20261w ago

8.9 CVSS 4.0

High

Published Mar 27, 2026 3mo ago

Last Modified Jun 17, 2026 1w ago

Description

nanobot is a personal AI assistant. Prior to version 0.1.6, an indirect prompt injection vulnerability exists in the email channel processing module (`nanobot/channels/email.py`), allowing a remote, unauthenticated attacker to execute arbitrary LLM instructions (and subsequently, system tools) without any interaction from the bot owner. By sending an email containing malicious prompts to the bot's monitored email address, the bot automatically polls, ingests, and processes the email content as highly trusted input, fully bypassing channel isolation and resulting in a stealthy, zero-click attack. Version 0.1.6 patches the issue.

CVSS Details

Base Score

8.9

Exploitability

—

Impact

—

Vector string

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector Network

Attack Complexity Low

Privileges Required None

User Interaction None

Scope X

Threat Intelligence

EPSS Exploit Probability

38.4% percentile

Exploit & Patch Status

Public Exploit Known

No Patch Available

Weaknesses 3

CWE-1336

CWE-290

CWE-94 Improper Control of Generation of Code (Code Injection) Injection

Affected Products 7

Vendor	Product	Version	Range
nanobot	nanobot	*	<0.1.4
nanobot	nanobot	0.1.4	any
nanobot	nanobot	0.1.4	any
nanobot	nanobot	0.1.4	any
nanobot	nanobot	0.1.4	any
nanobot	nanobot	0.1.4	any
nanobot	nanobot	0.1.4	any

References 1

github.com https://github.com/HKUDS/nanobot/security/advisories/GHSA-4gmr-2vc8-7qh3

ExploitMitigationVendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.