CVE-2026-8235
8421bit MiniClaw System kernel.ts resolveSkillScriptPath os command injection
CVSS Score
5.5
EPSS Score
1.1%
EPSS Percentile
78th
A vulnerability was detected in 8421bit MiniClaw 0.8.0/0.9.0. This issue affects the function resolveSkillScriptPath of the file src/kernel.ts of the component System Command Handler. The manipulation results in os command injection. The exploit is now public and may be used. The patch is identified as 223c16a1088e138838dcbd18cd65a37c35ac5a84. It is best practice to apply a patch to resolve this issue.
| CWE | CWE-78 CWE-77 |
| Vendor | 8421bit |
| Product | miniclaw |
| Published | May 10, 2026 |
| Last Updated | May 11, 2026 |
Stay Ahead of the Next One
Get instant alerts for 8421bit miniclaw
Be the first to know when new medium vulnerabilities affecting 8421bit miniclaw are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
8421bit / MiniClaw
0.8.0 0.9.0
References
vuldb.com: https://vuldb.com/vuln/362455 vuldb.com: https://vuldb.com/vuln/362455/cti vuldb.com: https://vuldb.com/submit/809001 github.com: https://github.com/8421bit/MiniClaw/issues/6 github.com: https://github.com/8421bit/MiniClaw/pull/7 github.com: https://github.com/8421bit/MiniClaw/issues/6#issue-4290453729 github.com: https://github.com/8421bit/MiniClaw/commit/223c16a1088e138838dcbd18cd65a37c35ac5a84 github.com: https://github.com/8421bit/MiniClaw/
Credits
๐ ybdesire (VulDB User)