Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
5DescriptionCVE.org
A vulnerability was determined in 8421bit MiniClaw up to 43905b934cf76489ab28e4d17da28ee97970f91f. Affected by this vulnerability is the function isPathInside of the file src/kernel.ts of the component executeSkillScript. Executing a manipulation can lead to path traversal. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. This patch is called e8bd4e17e9428260f2161378356affc5ce90d6ed. It is advisable to implement a patch to correct this issue.
AnalysisAI
Path traversal in MiniClaw's executeSkillScript function allows authenticated remote attackers to access files outside the intended skills directory via directory traversal sequences in the skillName or scriptFile parameters. The vulnerability affects the isPathInside function in src/kernel.ts, enabling disclosure of sensitive files with CVSS 4.3 (low confidentiality impact). Publicly available exploit code exists and a vendor patch is available via commit e8bd4e17e9428260f2161378356affc5ce90d6ed.
Technical ContextAI
MiniClaw is a rolling-release Node.js application that manages skill execution through a kernel module. The vulnerability exists in path resolution logic used by the executeSkillScript handler. The flawed isPathInside function in src/kernel.ts failed to properly validate that resolved file paths remained within the designated SKILLS_DIR boundary. Attackers could exploit this by passing crafted skillName or scriptFile parameters containing directory traversal sequences (e.g., '../../../etc/passwd') to path.join(), which does not canonicalize or validate against escape attempts. The CWE-22 (Improper Limitation of a Pathname to a Restricted Directory) root cause is resolved by the patch through explicit path canonicalization using path.resolve() combined with relative path validation and realpath() checks to detect symlink-based escapes.
RemediationAI
Update MiniClaw to the patched version by pulling commit e8bd4e17e9428260f2161378356affc5ce90d6ed or later from https://github.com/8421bit/MiniClaw (PR#8 contains the complete fix). The patch replaces unsafe path.join() calls with a new resolveSkillDirPath() function that validates paths using path.resolve(), path.relative(), and fs.realpath() to prevent directory traversal. Rebuild and restart the application after updating. If immediate patching is not feasible, implement network-level access controls to restrict skill execution endpoints to trusted authenticated users only, and disable the executeSkillScript handler if not required for operations. Monitor skill execution logs for suspicious patterns (requests with '../' sequences or absolute paths). Note that the vulnerability requires authentication (PR:L in CVSS), so disabling public access or enforcing strict authentication policies provides meaningful defense-in-depth while patch deployment is staged.
OS command injection in 8421bit MiniClaw's executeCognitivePulse function allows authenticated remote attackers to injec
OS command injection in 8421bit MiniClaw 0.8.0 and 0.9.0 allows local authenticated attackers to execute arbitrary syste
Same weakness CWE-22 – Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-28467
GHSA-h86r-7gjv-6c7v