← volver
CVE-2026-8235

8421bit MiniClaw System kernel.ts resolveSkillScriptPath os command injection

CVSS 5.1 MEDIUMEPSS 1.4%CWE-77CWE-78
A vulnerability was detected in 8421bit MiniClaw 0.8.0/0.9.0. This issue affects the function resolveSkillScriptPath of the file src/kernel.ts of the component System Command Handler. The manipulation results in os command injection. The exploit is now public and may be used. The patch is identified as 223c16a1088e138838dcbd18cd65a37c35ac5a84. It is best practice to apply a patch to resolve this issue.
CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
Productos afectados
8421bit · MiniClaw
PoCs públicas encontradas1
cve_referencegithub.com/8421bit/MiniClaw/issues/6#issue-4290453729no verificado
⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/8421bit/MiniClaw/https://github.com/8421bit/MiniClaw/commit/223c16a1088e138838dcbd18cd65a37c35ac5a84https://github.com/8421bit/MiniClaw/issues/6https://github.com/8421bit/MiniClaw/issues/6#issue-4290453729https://github.com/8421bit/MiniClaw/pull/7https://vuldb.com/submit/809001https://vuldb.com/vuln/362455https://vuldb.com/vuln/362455/cti