Skip to main content

8421bit MiniClaw EUVD-2026-28988

| CVE-2026-8235 LOW
OS Command Injection (CWE-78)
2026-05-10 VulDB GHSA-hpxg-grhm-7fxc
Command Injection
2.0
CVSS 4.0

CVSS VectorNVD

CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

5
Severity Changed
May 10, 2026 - 07:22 NVD
MEDIUM LOW
CVSS changed
May 10, 2026 - 07:22 NVD
5.5 (MEDIUM) 2.0 (LOW)
Source Code Evidence Fetched
May 10, 2026 - 07:15 vuln.today
Analysis Generated
May 10, 2026 - 07:15 vuln.today
CVE Published
May 10, 2026 - 06:15 nvd
MEDIUM 5.5

DescriptionNVD

A vulnerability was detected in 8421bit MiniClaw 0.8.0/0.9.0. This issue affects the function resolveSkillScriptPath of the file src/kernel.ts of the component System Command Handler. The manipulation results in os command injection. The exploit is now public and may be used. The patch is identified as 223c16a1088e138838dcbd18cd65a37c35ac5a84. It is best practice to apply a patch to resolve this issue.

AnalysisAI

OS command injection in 8421bit MiniClaw 0.8.0 and 0.9.0 allows local authenticated attackers to execute arbitrary system commands via the resolveSkillScriptPath function in the System Command Handler (src/kernel.ts). The vulnerability stems from unsafe command construction using string concatenation with unsanitized user input passed to shell execution. …

Sign in for full analysis, threat intelligence, and remediation guidance.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Share

EUVD-2026-28988 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy