CVE-2026-8113
published 2026-05-07CVE-2026-8113: A vulnerability was determined in 8421bit MiniClaw up to 43905b934cf76489ab28e4d17da28ee97970f91f. Affected by this vulnerability is the function isPathInside…
PriorityP341medium6.5CVSS 3.1
AVNACLPRLUINSUCHINAN
EPSS
0.41%
33.0th percentile
A vulnerability was determined in 8421bit MiniClaw up to 43905b934cf76489ab28e4d17da28ee97970f91f. Affected by this vulnerability is the function isPathInside of the file src/kernel.ts of the component executeSkillScript. Executing a manipulation can lead to path traversal. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. This patch is called e8bd4e17e9428260f2161378356affc5ce90d6ed. It is advisable to implement a patch to correct this issue.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| 8421bit | miniclaw | < 2026-03-27 | 2026-03-27 |
| 8421bit | miniclaw | — | — |
CVSS provenance
nvdv3.16.5MEDIUMCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvdv4.02.1LOWCVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
nvdv2.04.0MEDIUMAV:N/AC:L/Au:S/C:P/I:N/A:N
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-h86r-7gjv-6c7v: A vulnerability was determined in 8421bit MiniClaw up to 43905b934cf76489ab28e4d17da28ee97970f91f
ghsa_unreviewed·2026-05-08
CVE-2026-8113 [LOW] CWE-22 GHSA-h86r-7gjv-6c7v: A vulnerability was determined in 8421bit MiniClaw up to 43905b934cf76489ab28e4d17da28ee97970f91f
A vulnerability was determined in 8421bit MiniClaw up to 43905b934cf76489ab28e4d17da28ee97970f91f. Affected by this vulnerability is the function isPathInside of the file src/kernel.ts of the component executeSkillScript. Executing a manipulation can lead to path traversal. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. This patch is called e8bd4e17e9428260f2161378356affc5ce90d6ed. It is advisable to implement a patch to correct this issue.
VulDB
8421bit MiniClaw up to 43905b934cf76489ab28e4d17da28ee97970f91f executeSkillScript src/kernel.ts isPathInside path traversal
vuldb·2026-05-07·CVSS 2.1
CVE-2026-8113 [LOW] 8421bit MiniClaw up to 43905b934cf76489ab28e4d17da28ee97970f91f executeSkillScript src/kernel.ts isPathInside path traversal
A vulnerability classified as critical was found in 8421bit MiniClaw up to 43905b934cf76489ab28e4d17da28ee97970f91f. Affected by this vulnerability is the function isPathInside of the file src/kernel.ts of the component executeSkillScript. Executing a manipulation can lead to path traversal.
This vulnerability is registered as CVE-2026-8113. It is possible to launch the attack remotely. Furthermore, an exploit is available.
This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. It is advisable to implement a patch to correct this issue.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-05-07
Published