What is the CVSS score of CVE-2026-43991?

CVE-2026-43991 has a CVSS 3.1 base score of 8.4 (High). CVSS vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.0%.

Which versions of JunoClaw are affected by CVE-2026-43991?

JunoClaw plugin-shell versions prior to 0.x.y-security-1 contain a local command injection vulnerability that allows unauthenticated attackers to execute arbitrary commands on affected systems when…

How to fix or mitigate CVE-2026-43991?

Within 24 hours: Identify all JunoClaw deployments with unsafe-shell enabled and document current versions; disable unsafe-shell feature on all non-critical systems. Within 7 days: Contact JunoClaw vendor for availability of version 0.x.y-security-1 and establish patch testing environment. Within 30 days: Deploy version 0.x.y-security-1 to all production JunoClaw instances; validate that allowlist-based token parsing is functioning correctly post-patch; re-enable unsafe-shell only where operationally necessary with compensating controls in place.

JunoClaw CVE-2026-43991

EUVD-2026-29540 HIGH

OS Command Injection (CWE-78)

2026-05-12 GitHub_M

Command Injection

8.4

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Source Code Evidence Fetched

May 12, 2026 - 17:16 vuln.today

Analysis Generated

May 12, 2026 - 17:16 vuln.today

CVE Published

May 12, 2026 - 16:19 nvd

HIGH 8.4

DescriptionNVD

JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, substring-based blocklist in plugin-shell's command-safety check could be bypassed by adversarial argument constructions, allowing unauthorized command execution on the host when combined with the companion advisory. Pre-patch, the check was applied to the raw command string rather than the parsed first token. This vulnerability is fixed in 0.x.y-security-1.

AnalysisAI

Command injection in JunoClaw's plugin-shell allowed adversarial argument construction to bypass the substring-based blocklist and achieve unauthorized command execution on the host when the unsafe-shell feature was enabled. Attackers could craft commands with special tokens or argument patterns to evade blocklist checks that scanned raw command strings instead of parsed first tokens. …

RemediationAI

Within 24 hours: Identify all JunoClaw deployments with unsafe-shell enabled and document current versions; disable unsafe-shell feature on all non-critical systems. Within 7 days: Contact JunoClaw vendor for availability of version 0.x.y-security-1 and establish patch testing environment. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-43991 vulnerability details – vuln.today

Back

JunoClaw CVE-2026-43991

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code