Skip to main content

8421bit MiniClaw CVE-2026-8235

| EUVDEUVD-2026-28988 LOW
OS Command Injection (CWE-78)
2026-05-10 VulDB GHSA-hpxg-grhm-7fxc
2.0
CVSS 4.0 · NVD

Severity by source

NVD PRIMARY
2.0 LOW
CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

5
Severity Changed
May 10, 2026 - 07:22 NVD
MEDIUM LOW
CVSS changed
May 10, 2026 - 07:22 NVD
5.5 (MEDIUM) 2.0 (LOW)
Source Code Evidence Fetched
May 10, 2026 - 07:15 vuln.today
Analysis Generated
May 10, 2026 - 07:15 vuln.today
CVE Published
May 10, 2026 - 06:15 nvd
MEDIUM 5.5

DescriptionCVE.org

A vulnerability was detected in 8421bit MiniClaw 0.8.0/0.9.0. This issue affects the function resolveSkillScriptPath of the file src/kernel.ts of the component System Command Handler. The manipulation results in os command injection. The exploit is now public and may be used. The patch is identified as 223c16a1088e138838dcbd18cd65a37c35ac5a84. It is best practice to apply a patch to resolve this issue.

AnalysisAI

OS command injection in 8421bit MiniClaw 0.8.0 and 0.9.0 allows local authenticated attackers to execute arbitrary system commands via the resolveSkillScriptPath function in the System Command Handler (src/kernel.ts). The vulnerability stems from unsafe command construction using string concatenation with unsanitized user input passed to shell execution. Publicly available exploit code exists, and a patch has been released by the vendor.

Technical ContextAI

MiniClaw is a Node.js-based system command handler that processes skill scripts and cognitive pulse prompts. The vulnerability exists in the resolveSkillScriptPath function within src/kernel.ts, which constructs shell commands by concatenating user-controlled prompt data directly into command strings without proper escaping or parameterization. The original code used the unsafe exec() function from Node.js child_process module with string interpolation, which allows shell metacharacters (pipes, semicolons, backticks, command substitution) in the prompt input to break out of the intended command context. CWE-78 (Improper Neutralization of Special Elements used in an OS Command) classifies this as a classic command injection flaw. The patch migrates from exec(command_string) with string concatenation to spawn(command, args_array) with argument array separation, preventing shell interpretation of user input by bypassing the shell interpreter entirely.

RemediationAI

Apply the vendor-released patch immediately by updating to a version containing commit 223c16a1088e138838dcbd18cd65a37c35ac5a84. The patch is available via GitHub at https://github.com/8421bit/MiniClaw/pull/7. The fix replaces unsafe exec() string concatenation with spawn() using argument arrays, which eliminates shell interpretation of user input. If immediate patching is not feasible, temporarily disable the resolveSkillScriptPath function or restrict its use to trusted, pre-validated input only. An interim workaround involves validating and escaping all prompt input through a whitelist of allowed characters (alphanumerics, hyphens, underscores only) before passing to the cognitive pulse system, though this may break legitimate use cases and should only be used as a temporary measure. Network-level mitigation: restrict access to MiniClaw services to trusted internal networks only, as the AV:A vector requires adjacency. Monitor authentication logs for suspicious user account creation or privilege escalation attempts that could precede exploitation.

Share

CVE-2026-8235 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy