PT-2026-43041 · Founddream · Miniclaw

Ybdesire

·

Published

2026-05-25

·

Updated

2026-05-25

·

CVE-2026-9453

CVSS v2.0

7.5

High

VectorAV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions FoundDream miniclawd versions prior to 2d65665046e2222eeea76cafc8570ed546a8c125
Description A command injection issue exists in the SkillsLoader component within the file /src/application/skills-loader.ts. A remote attacker can trigger this by manipulating the requires.bins argument in the which() function. Command injection is a flaw that allows an attacker to execute arbitrary operating system commands on the server.
Recommendations Update to a version later than 2d65665046e2222eeea76cafc8570ed546a8c125. As a temporary workaround, restrict or disable the use of the which() function in the SkillsLoader component to prevent the manipulation of the requires.bins argument.

Exploit

Fix

Command Injection

Special Elements Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-9453

Affected Products

Miniclaw