Skip to main content

8421bit MiniClaw CVE-2026-8112

| EUVDEUVD-2026-28466 LOW
OS Command Injection (CWE-78)
2026-05-07 VulDB GHSA-q253-8qxh-gx79
2.1
CVSS 4.0 · NVD

Severity by source

NVD PRIMARY
2.1 LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

5
Severity Changed
May 07, 2026 - 22:22 NVD
MEDIUM LOW
CVSS changed
May 07, 2026 - 22:22 NVD
6.3 (MEDIUM) 2.1 (LOW)
Source Code Evidence Fetched
May 07, 2026 - 22:03 vuln.today
Analysis Generated
May 07, 2026 - 22:03 vuln.today
CVE Published
May 07, 2026 - 21:00 nvd
MEDIUM 6.3

DescriptionCVE.org

A vulnerability was found in 8421bit MiniClaw up to 223c16a1088e138838dcbd18cd65a37c35ac5a84. Affected is the function executeCognitivePulse of the file src/kernel.ts. Performing a manipulation results in os command injection. It is possible to initiate the attack remotely. The exploit has been made public and could be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The patch is named 028f62216dee9f64833d0f1cfda7c217067ceba8. To fix this issue, it is recommended to deploy a patch.

AnalysisAI

OS command injection in 8421bit MiniClaw's executeCognitivePulse function allows authenticated remote attackers to inject arbitrary shell commands via unsanitized prompt input passed to external CLI tools. The vulnerability stems from unsafe string interpolation in command construction, enabling execution of system commands with the privileges of the MiniClaw process. Publicly available exploit code exists, and vendor-released patch commit 028f62216dee9f64833d0f1cfda7c217067ceba8 is available on GitHub.

Technical ContextAI

MiniClaw is a Node.js-based application that integrates with external CLI tools (ollama, ccr, gemini, qodercli, etc.) for cognitive processing. The vulnerable executeCognitivePulse function in src/kernel.ts was constructing shell commands by string concatenation, concatenating user-supplied prompts directly into command strings passed to exec() without escaping or validation. The root cause (CWE-78: Improper Neutralization of Special Elements used in an OS Command) resulted from using exec() which spawns a shell and interprets metacharacters. The patch replaces exec() with spawn() using array-based argument passing, which bypasses shell interpretation and prevents command injection. CPE cpe:2.3:a:8421bit:miniclaw:*:*:*:*:*:*:*:* indicates all versions of MiniClaw are potentially affected.

RemediationAI

Deploy patch commit 028f62216dee9f64833d0f1cfda7c217067ceba8 or a later version. The patch replaces unsafe exec() calls with spawn() using array-based argument passing, eliminating shell metacharacter interpretation. Users on rolling releases should pull the latest commit from https://github.com/8421bit/MiniClaw/. Patch details are available at https://github.com/8421bit/MiniClaw/pull/7. If immediate patching is not possible, restrict network access to MiniClaw to trusted internal users only, limit the set of available external CLI tools (removing those not in use), and implement input validation on prompts to block common command injection payloads (though this is not a substitute for patching). Verify external CLI tools (ollama, ccr, gemini, etc.) are properly sandboxed, as command injection can invoke any system command available in the MiniClaw process's PATH.

Share

CVE-2026-8112 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy