PT-2026-39463 · Miniclaw · Miniclaw

Ybdesire

·

Published

2026-05-10

·

Updated

2026-05-10

·

CVE-2026-8235

CVSS v3.1

5.5

Medium

VectorAV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions 8421bit MiniClaw versions 0.8.0 through 0.9.0
Description An OS command injection issue exists within the System Command Handler component. The flaw is located in the resolveSkillScriptPath() function of the src/kernel.ts file, where improper manipulation allows for the execution of arbitrary operating system commands.
Recommendations Apply patch 223c16a1088e138838dcbd18cd65a37c35ac5a84 for versions 0.8.0 through 0.9.0. As a temporary workaround, restrict access to the resolveSkillScriptPath() function to minimize the risk of exploitation.

Exploit

Fix

OS Command Injection

Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-8235

Affected Products

Miniclaw