RCE in Hkuds Nanobot
CVE-2026-33654
nanobot is a personal AI assistant. Prior to version 0.1.6, an indirect prompt injection vulnerability exists in the email channel processing module (`nanobot/channels/email.py`), allowing a remote, unauthenticated attacker to execute arbi…
Vulnerability class: RCE (Remote Code Execution)
EPSS: 0.002 (47.7th percentile)
Affected products
- Hkuds Nanobot — versions < 0.1.4.post6
Weakness classification (CWE)
References
- https://github.com/HKUDS/nanobot/security/advisories/GHSA-4gmr-2vc8-7qh3 (x_refsource_CONFIRM)