CVE-2026-8235

Source
https://cve.org/CVERecord?id=CVE-2026-8235
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-8235.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-8235
Published
2026-05-10T06:15:10.898Z
Modified
2026-07-08T08:11:39.810588974Z
Severity
  • 2.0 (Low) CVSS_V4 - CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P CVSS Calculator
Summary
8421bit MiniClaw System kernel.ts resolveSkillScriptPath os command injection
Details

A vulnerability was detected in 8421bit MiniClaw 0.8.0/0.9.0. This issue affects the function resolveSkillScriptPath of the file src/kernel.ts of the component System Command Handler. The manipulation results in os command injection. The exploit is now public and may be used. The patch is identified as 223c16a1088e138838dcbd18cd65a37c35ac5a84. It is best practice to apply a patch to resolve this issue.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/8xxx/CVE-2026-8235.json",
    "cna_assigner": "VulDB",
    "cwe_ids": [
        "CWE-77",
        "CWE-78"
    ]
}
References

Affected packages

Git / github.com/8421bit/miniclaw

Affected ranges

Type
GIT
Repo
https://github.com/8421bit/miniclaw
Events
Database specific
{
    "source": [
        "AFFECTED_FIELD",
        "REFERENCES"
    ],
    "extracted_events": [
        {
            "introduced": "0.8.0"
        },
        {
            "last_affected": "0.8.0"
        },
        {
            "introduced": "0.9.0"
        },
        {
            "last_affected": "0.9.0"
        }
    ]
}

Affected versions

0.*
0.8.0
0.9.0
v0.*
v0.8.0
v0.9.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-8235.json"