PT-2026-43041 · Founddream · Miniclaw
Ybdesire
·
Published
2026-05-25
·
Updated
2026-05-25
·
CVE-2026-9453
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
FoundDream miniclawd versions prior to 2d65665046e2222eeea76cafc8570ed546a8c125
Description
A command injection issue exists in the
SkillsLoader component within the file /src/application/skills-loader.ts. A remote attacker can trigger this by manipulating the requires.bins argument in the which() function. Command injection is a flaw that allows an attacker to execute arbitrary operating system commands on the server.Recommendations
Update to a version later than 2d65665046e2222eeea76cafc8570ed546a8c125.
As a temporary workaround, restrict or disable the use of the
which() function in the SkillsLoader component to prevent the manipulation of the requires.bins argument.Exploit
Fix
Command Injection
Special Elements Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Miniclaw