CVE-2026-8235: OS Command Injection in 8421bit MiniClaw
CVE-2026-8235 is an OS command injection vulnerability in 8421bit MiniClaw versions 0. 8. 0 and 0. 9. 0. It affects the resolveSkillScriptPath function in the src/kernel. ts file within the System Command Handler component. The vulnerability allows an attacker with low privileges to inject operating system commands due to insufficient input handling. A patch identified by commit 223c16a1088e138838dcbd18cd65a37c35ac5a84 is available to address this issue. The CVSS 4.
AI Analysis
Technical Summary
The vulnerability CVE-2026-8235 in 8421bit MiniClaw 0.8.0 and 0.9.0 arises from improper handling of input in the resolveSkillScriptPath function of src/kernel.ts, leading to OS command injection. This allows an attacker with low privileges and no user interaction to execute arbitrary OS commands with limited impact on confidentiality, integrity, and availability. The issue is fixed by a patch identified by commit 223c16a1088e138838dcbd18cd65a37c35ac5a84. The CVSS 4.0 vector indicates the attack requires adjacent network access and low complexity, with no privileges required and no user interaction, but with limited impact. No vendor advisory or official remediation level is provided, but the patch commit is known.
Potential Impact
Successful exploitation of this vulnerability can lead to execution of arbitrary operating system commands on the affected system. The impact is rated medium with limited confidentiality, integrity, and availability impact. The attacker requires adjacent network access and low privileges. There is no evidence of exploitation in the wild at this time.
Mitigation Recommendations
A patch identified by commit 223c16a1088e138838dcbd18cd65a37c35ac5a84 is available and should be applied to affected versions 0.8.0 and 0.9.0 of 8421bit MiniClaw. Since the vendor advisory or official remediation level is not provided, users should verify the patch from the official source and apply it promptly to mitigate the vulnerability.
CVE-2026-8235: OS Command Injection in 8421bit MiniClaw
Description
CVE-2026-8235 is an OS command injection vulnerability in 8421bit MiniClaw versions 0. 8. 0 and 0. 9. 0. It affects the resolveSkillScriptPath function in the src/kernel. ts file within the System Command Handler component. The vulnerability allows an attacker with low privileges to inject operating system commands due to insufficient input handling. A patch identified by commit 223c16a1088e138838dcbd18cd65a37c35ac5a84 is available to address this issue. The CVSS 4.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The vulnerability CVE-2026-8235 in 8421bit MiniClaw 0.8.0 and 0.9.0 arises from improper handling of input in the resolveSkillScriptPath function of src/kernel.ts, leading to OS command injection. This allows an attacker with low privileges and no user interaction to execute arbitrary OS commands with limited impact on confidentiality, integrity, and availability. The issue is fixed by a patch identified by commit 223c16a1088e138838dcbd18cd65a37c35ac5a84. The CVSS 4.0 vector indicates the attack requires adjacent network access and low complexity, with no privileges required and no user interaction, but with limited impact. No vendor advisory or official remediation level is provided, but the patch commit is known.
Potential Impact
Successful exploitation of this vulnerability can lead to execution of arbitrary operating system commands on the affected system. The impact is rated medium with limited confidentiality, integrity, and availability impact. The attacker requires adjacent network access and low privileges. There is no evidence of exploitation in the wild at this time.
Mitigation Recommendations
A patch identified by commit 223c16a1088e138838dcbd18cd65a37c35ac5a84 is available and should be applied to affected versions 0.8.0 and 0.9.0 of 8421bit MiniClaw. Since the vendor advisory or official remediation level is not provided, users should verify the patch from the official source and apply it promptly to mitigate the vulnerability.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- VulDB
- Date Reserved
- 2026-05-09T09:37:49.916Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a002aeccbff5d86105df0ae
Added to database: 5/10/2026, 6:51:24 AM
Last enriched: 5/10/2026, 7:06:27 AM
Last updated: 5/10/2026, 8:58:38 AM
Views: 5
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.