Is there a public PoC exploit available for CVE-2026-8113?

Yes, a public proof-of-concept exploit is available for CVE-2026-8113. Prioritise patching immediately. EPSS: 0.0%.

Is there a patch available for CVE-2026-8113?

Yes, a patch is available for CVE-2026-8113. Update the affected software to the latest version immediately.

8421bit MiniClaw CVE-2026-8113

Q: What is the CVSS score of CVE-2026-8113?

CVE-2026-8113 has a CVSS 4.0 base score of 2.1 (Low). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2026-28467 LOW

Path Traversal (CWE-22)

2026-05-07 VulDB

GHSA-h86r-7gjv-6c7v

Path Traversal

2.1

CVSS 4.0

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Severity Changed

May 07, 2026 - 22:22 NVD

MEDIUM LOW

CVSS changed

May 07, 2026 - 22:22 NVD

4.3 (MEDIUM) 2.1 (LOW)

Source Code Evidence Fetched

May 07, 2026 - 22:04 vuln.today

Analysis Generated

May 07, 2026 - 22:04 vuln.today

CVE Published

May 07, 2026 - 21:15 nvd

MEDIUM 4.3

DescriptionNVD

A vulnerability was determined in 8421bit MiniClaw up to 43905b934cf76489ab28e4d17da28ee97970f91f. Affected by this vulnerability is the function isPathInside of the file src/kernel.ts of the component executeSkillScript. Executing a manipulation can lead to path traversal. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. This patch is called e8bd4e17e9428260f2161378356affc5ce90d6ed. It is advisable to implement a patch to correct this issue.

AnalysisAI

Path traversal in MiniClaw's executeSkillScript function allows authenticated remote attackers to access files outside the intended skills directory via directory traversal sequences in the skillName or scriptFile parameters. The vulnerability affects the isPathInside function in src/kernel.ts, enabling disclosure of sensitive files with CVSS 4.3 (low confidentiality impact). …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-8113 vulnerability details – vuln.today

Back