CVE-2026-8113

Exploit

EPSS 0.41%
Veröffentlicht 07.05.2026 21:15:11
Zuletzt bearbeitet 14.05.2026 18:02:15
Quelle cna@vuldb.com
CVE-Watchlists
Login
Unerledigt
Login

8421bit MiniClaw executeSkillScript kernel.ts isPathInside path traversal

A vulnerability was determined in 8421bit MiniClaw up to 43905b934cf76489ab28e4d17da28ee97970f91f. Affected by this vulnerability is the function isPathInside of the file src/kernel.ts of the component executeSkillScript. Executing a manipulation can lead to path traversal. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. This patch is called e8bd4e17e9428260f2161378356affc5ce90d6ed. It is advisable to implement a patch to correct this issue.

Betroffene Produkte Warnungen 0 Metriken 5 CWE 1 Referenzen 10

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

8421bit ≫ Miniclaw Version < 2026-03-27

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.41%	0.328

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
cna@vuldb.com	2.1	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
cna@vuldb.com	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
cna@vuldb.com	4	8	2.9	AV:N/AC:L/Au:S/C:P/I:N/A:N

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

https://github.com/8421bit/MiniClaw/

Product

https://vuldb.com/vuln/361901

Third Party Advisory

VDB Entry

https://vuldb.com/vuln/361901/cti

VDB Entry

Permissions Required

https://vuldb.com/submit/808167

Third Party Advisory

VDB Entry

https://github.com/8421bit/MiniClaw/issues/5

Third Party Advisory

Exploit

Issue Tracking

https://github.com/8421bit/MiniClaw/pull/8

Patch

Issue Tracking

https://github.com/8421bit/MiniClaw/commit/e8bd4e17e9428260f2161378356affc5ce90d6ed

Patch

https://nvd.nist.gov/vuln/detail/CVE-2026-8113

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-8113

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-8113

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-8113