CVE-2026-8113
MEDIUM8421bit MiniClaw executeSkillScript kernel.ts isPathInside path traversal
Title source: cnaDescription
A vulnerability was determined in 8421bit MiniClaw up to 43905b934cf76489ab28e4d17da28ee97970f91f. Affected by this vulnerability is the function isPathInside of the file src/kernel.ts of the component executeSkillScript. Executing a manipulation can lead to path traversal. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. This patch is called e8bd4e17e9428260f2161378356affc5ce90d6ed. It is advisable to implement a patch to correct this issue.
References (7)
Core 7
Core References
Vdb Entry, Technical Description vdb-entry
technical-description
VDB-361901 | 8421bit MiniClaw executeSkillScript kernel.ts isPathInside path traversal
https://vuldb.com/vuln/361901
Signature, Permissions Required signature
permissions-required
VDB-361901 | CTI Indicators (IOB, IOC, TTP, IOA)
https://vuldb.com/vuln/361901/cti
Third Party Advisory third-party-advisory
Submit #808167 | 8421bit MiniClaw 0 Path Traversal
https://vuldb.com/submit/808167
Exploit exploit
issue-tracking
https://github.com/8421bit/MiniClaw/issues/5
Patch issue-tracking
patch
https://github.com/8421bit/MiniClaw/pull/8
Product product
https://github.com/8421bit/MiniClaw/
Scores
CVSS v3
4.3
EPSS
0.0004
EPSS Percentile
13.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-22
Status
published
Products (1)
8421bit/MiniClaw
43905b934cf76489ab28e4d17da28ee97970f91f
Published
May 07, 2026
Tracked Since
May 08, 2026