Agents
Nanobot CVE-2026-33654: Indirect Prompt Injection via Email Channel Enables Arbitrary LLM Tool Execution Without Authentication
CVE-2026-33654, disclosed March 27, is an indirect prompt injection vulnerability in Nanobot's email channel (nanobot/channels/email.py) prior to v0.1.6. Attackers can send malicious prompts to the bot's monitored email address to execute arbitrary LLM instructions and system tools without authentication. While scored Info-level (CVSS 0), this represents a clean example of the email-as-attack-vector pattern for autonomous agents — any agent monitoring an inbox without input sanitization is vulnerable to the same class of attack, and email is the most common agent integration surface in enterprise deployments.
Source
↳ Follow the thread