8421bit MiniClaw CVE-2026-8112

EUVD-2026-28466 | LOW
OS Command Injection (CWE-78)
2026-05-07 | VulDB | GHSA-q253-8qxh-gx79
CVSS 4.0: 2.1

CVSS Vector (NVD)

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: X

Lifecycle Timeline

May 07, 2026 - 22:22 (NVD): Severity changed, MEDIUM to LOW
May 07, 2026 - 22:22 (NVD): CVSS changed, 6.3 (MEDIUM) to 2.1 (LOW)
May 07, 2026 - 22:03 (vuln.today): Source code evidence fetched
May 07, 2026 - 22:03 (vuln.today): Analysis generated
May 07, 2026 - 21:00 (NVD): CVE published, MEDIUM 6.3

Description (NVD)

A vulnerability was found in 8421bit MiniClaw up to 223c16a1088e138838dcbd18cd65a37c35ac5a84. Affected is the function executeCognitivePulse of the file src/kernel.ts. Performing a manipulation results in os command injection. It is possible to initiate the attack remotely. The exploit has been made public and could be used. This product is using a rolling release to provide continuous delivery. Therefore, no version details for affected nor updated releases are available. The patch is named 028f62216dee9f64833d0f1cfda7c217067ceba8. To fix this issue, it is recommended to deploy a patch.

Analysis (AI)

OS command injection in 8421bit MiniClaw's executeCognitivePulse function allows authenticated remote attackers to inject arbitrary shell commands via unsanitized prompt input passed to external CLI tools. The vulnerability stems from unsafe string interpolation in command construction, enabling execution of system commands with the privileges of the MiniClaw process. …
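
Added example (not MiniClaw's code and not the referenced patch): the string-interpolation pattern the analysis describes, beside a shell-free call that passes the prompt as a single argument. The names `llm-cli`, `buildShellCommand` and `runToolSafely`, and the use of the Node binary as a stand-in for the external CLI, are assumptions for illustration.

```typescript
import { execFileSync } from "node:child_process";

// Assumption: the Node binary stands in for the external CLI tool so the
// example runs offline. The one-line script echoes its first argument.
const TOOL = process.execPath;
const TOOL_ARGS = ["-e", "process.stdout.write(process.argv[1])"];

// Pattern described in the analysis: the prompt is interpolated into a single
// command line. Only the string is built here; it is never executed.
// "llm-cli" is a hypothetical tool name.
function buildShellCommand(prompt: string): string {
  return `llm-cli --prompt "${prompt}"`;
}

// Shell-free form: execFileSync starts the program directly, so the prompt is
// exactly one argv element and quotes or semicolons in it stay literal text.
// The "--" stops a prompt that begins with "-" from being read as an option.
function runToolSafely(prompt: string): string {
  return execFileSync(TOOL, [...TOOL_ARGS, "--", prompt], {
    encoding: "utf8",
    timeout: 10_000,
  });
}

// Constructed sample input containing shell metacharacters.
const samplePrompt = 'status"; echo INJECTED #';

// The interpolated string closes its own quote early, so a shell would see a
// second command after the semicolon.
console.log("shell would parse:", buildShellCommand(samplePrompt));
// The argv form hands the same bytes to the tool unchanged.
console.log("tool received:    ", runToolSafely(samplePrompt));
```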
