PT-2026-43039 · Founddream · Miniclaw

Ybdesire

·

Published

2026-05-25

·

Updated

2026-05-25

·

CVE-2026-9452

CVSS v2.0

7.5

High

VectorAV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions FoundDream miniclawd versions prior to 2d65665046e2222eeea76cafc8570ed546a8c125
Description A remote OS command injection can occur via the ExecTool.execute() function located in the /src/tools/exec.ts file. OS command injection is a flaw that allows an attacker to execute arbitrary operating system commands on the server.
Recommendations Update to a version later than 2d65665046e2222eeea76cafc8570ed546a8c125. As a temporary workaround, consider restricting access to the ExecTool.execute() function until a patch is applied.

Exploit

Fix

Command Injection

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-9452

Affected Products

Miniclaw