CVE-2026-8113

MEDIUM 4.3

8421bit MiniClaw executeSkillScript kernel.ts isPathInside path traversal

CVSS Score

4.3

EPSS Score

0.0%

EPSS Percentile

0th

A vulnerability was determined in 8421bit MiniClaw up to 43905b934cf76489ab28e4d17da28ee97970f91f. Affected by this vulnerability is the function isPathInside of the file src/kernel.ts of the component executeSkillScript. Executing a manipulation can lead to path traversal. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. This patch is called e8bd4e17e9428260f2161378356affc5ce90d6ed. It is advisable to implement a patch to correct this issue.

CWE	CWE-22
Vendor	8421bit
Product	miniclaw
Published	May 7, 2026

Stay Ahead of the Next One

Get instant alerts for 8421bit miniclaw

Be the first to know when new medium vulnerabilities affecting 8421bit miniclaw are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

8421bit / MiniClaw

43905b934cf76489ab28e4d17da28ee97970f91f

References

NVD ↗ CVE.org ↗ EPSS Data ↗

vuldb.com: https://vuldb.com/vuln/361901 vuldb.com: https://vuldb.com/vuln/361901/cti vuldb.com: https://vuldb.com/submit/808167 github.com: https://github.com/8421bit/MiniClaw/issues/5 github.com: https://github.com/8421bit/MiniClaw/pull/8 github.com: https://github.com/8421bit/MiniClaw/commit/e8bd4e17e9428260f2161378356affc5ce90d6ed github.com: https://github.com/8421bit/MiniClaw/

Credits

🔍 ybdesire (VulDB User)