{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-8235", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-05-09T09:37:49.916Z", "datePublished": "2026-05-10T06:15:10.898Z", "dateUpdated": "2026-05-11T14:58:11.414Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-05-10T06:15:10.898Z"}, "title": "8421bit MiniClaw System kernel.ts resolveSkillScriptPath os command injection", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-78", "lang": "en", "description": "OS Command Injection"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-77", "lang": "en", "description": "Command Injection"}]}], "affected": [{"vendor": "8421bit", "product": "MiniClaw", "versions": [{"version": "0.8.0", "status": "affected"}, {"version": "0.9.0", "status": "affected"}], "modules": ["System Command Handler"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was detected in 8421bit MiniClaw 0.8.0/0.9.0. This issue affects the function resolveSkillScriptPath of the file src/kernel.ts of the component System Command Handler. The manipulation results in os command injection. The exploit is now public and may be used. The patch is identified as 223c16a1088e138838dcbd18cd65a37c35ac5a84. It is best practice to apply a patch to resolve this issue."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.1, "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5.5, "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 5.2, "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C"}}], "timeline": [{"time": "2026-05-09T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-05-09T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-05-09T11:46:48.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "ybdesire (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/vuln/362455", "name": "VDB-362455 | 8421bit MiniClaw System kernel.ts resolveSkillScriptPath os command injection", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/vuln/362455/cti", "name": "VDB-362455 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/submit/809001", "name": "Submit #809001 | 8421bit MiniClaw 0 OS Command Injection", "tags": ["third-party-advisory"]}, {"url": "https://github.com/8421bit/MiniClaw/issues/6", "tags": ["issue-tracking"]}, {"url": "https://github.com/8421bit/MiniClaw/pull/7", "tags": ["issue-tracking", "patch"]}, {"url": "https://github.com/8421bit/MiniClaw/issues/6#issue-4290453729", "tags": ["exploit", "issue-tracking"]}, {"url": "https://github.com/8421bit/MiniClaw/commit/223c16a1088e138838dcbd18cd65a37c35ac5a84", "tags": ["patch"]}, {"url": "https://github.com/8421bit/MiniClaw/", "tags": ["product"]}], "tags": ["x_open-source"]}, "adp": [{"references": [{"url": "https://github.com/8421bit/MiniClaw/issues/6", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-05-11T14:57:49.859988Z", "id": "CVE-2026-8235", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-11T14:58:11.414Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"cna": {"tags": ["x_open-source"], "title": "8421bit MiniClaw System kernel.ts resolveSkillScriptPath os command injection", "credits": [{"lang": "en", "type": "reporter", "value": "ybdesire (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 5.2, "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C"}}], "affected": [{"vendor": "8421bit", "modules": ["System Command Handler"], "product": "MiniClaw", "versions": [{"status": "affected", "version": "0.8.0"}, {"status": "affected", "version": "0.9.0"}]}], "timeline": [{"lang": "en", "time": "2026-05-09T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-05-09T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-05-09T11:46:48.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/vuln/362455", "name": "VDB-362455 | 8421bit MiniClaw System kernel.ts resolveSkillScriptPath os command injection", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/vuln/362455/cti", "name": "VDB-362455 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/submit/809001", "name": "Submit #809001 | 8421bit MiniClaw 0 OS Command Injection", "tags": ["third-party-advisory"]}, {"url": "https://github.com/8421bit/MiniClaw/issues/6", "tags": ["issue-tracking"]}, {"url": "https://github.com/8421bit/MiniClaw/pull/7", "tags": ["issue-tracking", "patch"]}, {"url": "https://github.com/8421bit/MiniClaw/issues/6#issue-4290453729", "tags": ["exploit", "issue-tracking"]}, {"url": "https://github.com/8421bit/MiniClaw/commit/223c16a1088e138838dcbd18cd65a37c35ac5a84", "tags": ["patch"]}, {"url": "https://github.com/8421bit/MiniClaw/", "tags": ["product"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was detected in 8421bit MiniClaw 0.8.0/0.9.0. This issue affects the function resolveSkillScriptPath of the file src/kernel.ts of the component System Command Handler. The manipulation results in os command injection. The exploit is now public and may be used. The patch is identified as 223c16a1088e138838dcbd18cd65a37c35ac5a84. It is best practice to apply a patch to resolve this issue."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-78", "description": "OS Command Injection"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-77", "description": "Command Injection"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-05-10T06:15:10.898Z"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-8235", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-05-11T14:57:49.859988Z"}}}], "references": [{"url": "https://github.com/8421bit/MiniClaw/issues/6", "tags": ["exploit"]}], "providerMetadata": {"shortName": "CISA-ADP", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "dateUpdated": "2026-05-11T14:57:17.348Z"}}]}, "cveMetadata": {"cveId": "CVE-2026-8235", "state": "PUBLISHED", "dateUpdated": "2026-05-10T06:15:10.898Z", "dateReserved": "2026-05-09T09:37:49.916Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-05-10T06:15:10.898Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was detected in 8421bit MiniClaw 0.8.0/0.9.0. This issue affects the function resolveSkillScriptPath of the file src/kernel.ts of the component System Command Handler. The manipulation results in os command injection. The exploit is now public and may be used. The patch is identified as 223c16a1088e138838dcbd18cd65a37c35ac5a84. It is best practice to apply a patch to resolve this issue."}], "id": "CVE-2026-8235", "lastModified": "2026-05-13T15:33:38.670", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 5.2, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 5.1, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "ADJACENT", "availabilityRequirement": "NOT_DEFINED", "baseScore": 2.0, "baseSeverity": "LOW", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-05-10T07:16:08.953", "references": [{"source": "cna@vuldb.com", "url": "https://github.com/8421bit/MiniClaw/"}, {"source": "cna@vuldb.com", "url": "https://github.com/8421bit/MiniClaw/commit/223c16a1088e138838dcbd18cd65a37c35ac5a84"}, {"source": "cna@vuldb.com", "url": "https://github.com/8421bit/MiniClaw/issues/6"}, {"source": "cna@vuldb.com", "url": "https://github.com/8421bit/MiniClaw/issues/6#issue-4290453729"}, {"source": "cna@vuldb.com", "url": "https://github.com/8421bit/MiniClaw/pull/7"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/submit/809001"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/vuln/362455"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/vuln/362455/cti"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "url": "https://github.com/8421bit/MiniClaw/issues/6"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-77"}, {"lang": "en", "value": "CWE-78"}], "source": "cna@vuldb.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "0.8.0"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "0.9.0"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "MiniClaw", "source": "cna", "vendor": "8421bit"}, "product": "miniclaw", "vendor": "8421bit"}], "created": "2026-05-10T07:30:05.903584+00:00", "updated": "2026-05-10T21:24:06.142891+00:00", "vendors": ["8421bit", "8421bit$PRODUCT$miniclaw"]}