Miniclawd
Monthly
Command injection in FoundDream miniclawd's SkillsLoader component exposes systems to remote unauthenticated arbitrary command execution via unsanitized manipulation of the `requires.bins` argument in `/src/application/skills-loader.ts`. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N) confirms zero-barrier remote exploitation with no authentication or user interaction required, and SSVC classifies the attack as automatable with partial technical impact. A public exploit (POC) exists via GitHub issue tracker, the vendor has not responded to disclosure, and no patch has been released - leaving affected deployments with no official remediation path.
OS command injection in FoundDream miniclawd allows remote unauthenticated attackers to execute arbitrary system commands via the ExecTool.execute function in /src/tools/exec.ts. All versions up to commit 2d65665046e2222eeea76cafc8570ed546a8c125 are affected, and because the project uses no versioning scheme, the full exposure window cannot be bounded by a release number. A publicly available proof-of-concept exploit exists (disclosed via GitHub issue), and the project maintainer has not responded to the responsible disclosure, meaning no patch is available at time of analysis.
Command injection in FoundDream miniclawd's SkillsLoader component exposes systems to remote unauthenticated arbitrary command execution via unsanitized manipulation of the `requires.bins` argument in `/src/application/skills-loader.ts`. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N) confirms zero-barrier remote exploitation with no authentication or user interaction required, and SSVC classifies the attack as automatable with partial technical impact. A public exploit (POC) exists via GitHub issue tracker, the vendor has not responded to disclosure, and no patch has been released - leaving affected deployments with no official remediation path.
OS command injection in FoundDream miniclawd allows remote unauthenticated attackers to execute arbitrary system commands via the ExecTool.execute function in /src/tools/exec.ts. All versions up to commit 2d65665046e2222eeea76cafc8570ed546a8c125 are affected, and because the project uses no versioning scheme, the full exposure window cannot be bounded by a release number. A publicly available proof-of-concept exploit exists (disclosed via GitHub issue), and the project maintainer has not responded to the responsible disclosure, meaning no patch is available at time of analysis.