Dragonmonk111

5 exploits Active since May 2026
CVE-2026-43989 WRITEUP HIGH WRITEUP
JunoClaw: upload_wasm accepted arbitrary filesystem paths without validation
JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, the upload_wasm MCP tool accepted a filesystem path from the agent and uploaded whatever bytes the path resolved to, with no validation of location, symlink target, file size, or file format. This vulnerability is fixed in 0.x.y-security-1.
CVSS 8.5
CVE-2026-43990 WRITEUP HIGH WRITEUP
JunoClaw: plugin-shell shell-metacharacter injection via shell wrapper
JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, plugin-shell's run_command wrapped every agent-supplied command in 'sh -c' / 'cmd /C' and passed the full argument string to the shell's parser, allowing shell metacharacters in agent-supplied arguments to be interpreted as command syntax. This vulnerability is fixed in 0.x.y-security-1.
CVSS 8.4
CVE-2026-43991 WRITEUP HIGH WRITEUP
JunoClaw: plugin-shell shell-injection bypass via substring blocklist
JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, substring-based blocklist in plugin-shell's command-safety check could be bypassed by adversarial argument constructions, allowing unauthorized command execution on the host when combined with the companion advisory. Pre-patch, the check was applied to the raw command string rather than the parsed first token. This vulnerability is fixed in 0.x.y-security-1.
CVSS 8.4
CVE-2026-43992 WRITEUP CRITICAL WRITEUP
JunoClaw: MCP write tools exposed raw BIP-39 mnemonic as a tool-call parameter
JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, every MCP write tool (send_tokens, execute_contract, instantiate_contract, upload_wasm, ibc_transfer, etc.) accepted 'mnemonic: string' as an explicit tool-call parameter. The BIP-39 seed was consequently embedded in the LLM tool-call JSON, exposing it to any transport, log, or telemetry surface in the path between the LLM provider and the MCP process. This vulnerability is fixed in 0.x.y-security-1.
CVSS 9.8
CVE-2026-43993 WRITEUP HIGH WRITEUP
JunoClaw: SSRF in WAVS computeDataVerify allows cloud-metadata and internal-service access
JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, the WAVS bridge's computeDataVerify called fetch() on agent-supplied URLs without validating scheme, port, or resolved IP, resulting in an SSRF vulnerability. This vulnerability is fixed in 0.x.y-security-1.
CVSS 8.2