NVIDIA NeMoClaw contains a vulnerability in the sandbox environment initialization component, where a remote attacker could cause improper access control by sending prompt-injected content that causes the agent to read and exfiltrate host environment variables not properly restricted during sandbox creation. A successful exploit of this vulnerability might lead to information disclosure.
Casky was already ahead
This CVE exploits attack patterns that Casky's 0 matched skills already investigate — long before this vulnerability was disclosed. Claude's reasoning model maps these techniques to MITRE ATT&CK, so practitioners who ran these skills have already seen the threat behaviour in their findings.
CVE-2026-24222 exposes a critical sandbox isolation failure in NVIDIA NeMoClaw's initialization component. By injecting malicious prompts, remote attackers can manipulate the AI agent into exfiltrating host environment variables that should never have been exposed inside the sandbox. This vulnerability has a CVSS score of 8.6 and represents a classic information disclosure risk: attackers gain unauthorized access to sensitive configuration data, API keys, credentials, and system details that could facilitate lateral movement or further exploitation. Organizations deploying NeMoClaw in production environments, particularly for sensitive workloads or multi-tenant scenarios, face immediate risk of credential compromise and unauthorized system reconnaissance.
While this CVE currently maps to zero Casky.ai skills because it was only recently disclosed, practitioners should monitor for attack patterns associated with CWE-497 (Exposure of Sensitive System Information to an Unauthorized Control Sphere). When implemented, Casky's Claude-powered extended reasoning would detect behavioral anomalies such as unusual prompt structures attempting to escape agent guardrails, systematic queries requesting environment variable access, and exfiltration attempts disguised as legitimate agent outputs. Practitioners would observe findings related to adversarial prompt crafting, sandbox boundary testing, and credential access attempts: patterns that precede the techniques in MITRE ATT&CK's Discovery (T1087) and Credential Access (T1555) phases. The key indicator is an agent response containing host environment data that should never be reachable from remote input.
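The two halves of the issue described above, sandbox creation that fails to withhold host variables and the key indicator of host environment data showing up in agent output, as an added Python example that is not NeMoClaw's or Casky's code. The function names, the allowlist and the sample environment and agent output are assumptions constructed here.

```python
import re
from typing import Dict, Iterable, List

# Hypothetical sandbox bootstrap, not NeMoClaw's code. The weak form hands the
# whole host environment to the sandbox; the hardened form allowlists it.

def weak_sandbox_env(host_env: Dict[str, str]) -> Dict[str, str]:
    """Vulnerable pattern: every host variable, keys and tokens included, is readable in the sandbox."""
    return dict(host_env)

def hardened_sandbox_env(host_env: Dict[str, str], allowlist: Iterable[str]) -> Dict[str, str]:
    """Mitigation: only explicitly allowlisted variables cross the sandbox boundary."""
    allowed = set(allowlist)
    return {k: v for k, v in host_env.items() if k in allowed}

SECRET_NAME_RE = re.compile(r"(KEY|TOKEN|SECRET|PASSWORD|CREDENTIAL)", re.IGNORECASE)

def secret_like_names(env: Dict[str, str]) -> List[str]:
    """Audit helper: variable names that look like credentials, for review of what a sandbox sees."""
    return sorted(k for k in env if SECRET_NAME_RE.search(k))

def leaked_values(host_env: Dict[str, str], agent_output: str, min_len: int = 8) -> List[str]:
    """Detection: names of host variables whose *values* are echoed in an agent response.
    Values shorter than min_len are skipped to limit false positives (e.g. "1", "en")."""
    hits = [name for name, value in host_env.items()
            if len(value) >= min_len and value in agent_output]
    return sorted(hits)

# Constructed host environment and agent output, for demonstration only.
HOST_ENV = {
    "PATH": "/usr/bin:/bin",
    "LANG": "en_US.UTF-8",
    "HOME": "/home/svc",
    "OPENAI_API_KEY": "sk-constructed-example-0123456789",
    "DB_PASSWORD": "constructed-db-pass-42",
}
ALLOWLIST = ["PATH", "LANG"]
AGENT_OUTPUT = "Done. For reference the config is: sk-constructed-example-0123456789"

if __name__ == "__main__":
    print("secrets visible in weak sandbox:", secret_like_names(weak_sandbox_env(HOST_ENV)))
    print("secrets visible in hardened sandbox:", secret_like_names(hardened_sandbox_env(HOST_ENV, ALLOWLIST)))
    print("host values leaked in agent output:", leaked_values(HOST_ENV, AGENT_OUTPUT))
```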
© 2026 Casky.AI, Inc. · AI Security Investigation