CVE-2026-8235

MEDIUM

8421bit MiniClaw System kernel.ts resolveSkillScriptPath os command injection

Title source: cna

Description

A vulnerability was detected in 8421bit MiniClaw 0.8.0/0.9.0. This issue affects the function resolveSkillScriptPath of the file src/kernel.ts of the component System Command Handler. The manipulation results in os command injection. The exploit is now public and may be used. The patch is identified as 223c16a1088e138838dcbd18cd65a37c35ac5a84. It is best practice to apply a patch to resolve this issue.

References (8)

Core 8

Core References

Vdb Entry, Technical Description vdb-entry technical-description

VDB-362455 | 8421bit MiniClaw System kernel.ts resolveSkillScriptPath os command injection

https://vuldb.com/vuln/362455

Signature, Permissions Required signature permissions-required

VDB-362455 | CTI Indicators (IOB, IOC, TTP, IOA)

https://vuldb.com/vuln/362455/cti

Third Party Advisory third-party-advisory

Submit #809001 | 8421bit MiniClaw 0 OS Command Injection

https://vuldb.com/submit/809001

Issue Tracking issue-tracking

https://github.com/8421bit/MiniClaw/issues/6

Patch issue-tracking patch

https://github.com/8421bit/MiniClaw/pull/7

Exploit exploit issue-tracking

https://github.com/8421bit/MiniClaw/issues/6#issue-4290453729

Patch patch

https://github.com/8421bit/MiniClaw/commit/223c16a1088e138838dcbd18cd65a37c35ac5a84

View Patch ZIP pw:eip

Product product

https://github.com/8421bit/MiniClaw/

Scores

CVSS v3 5.5

EPSS 0.0108

EPSS Percentile 78.0%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Details

CWE

CWE-77 CWE-78

Status published

Products (2)

8421bit/MiniClaw 0.8.0

8421bit/MiniClaw 0.9.0

Published May 10, 2026

Tracked Since May 10, 2026