CVE-2026-9452

7.3 HIGH

A security vulnerability has been detected in FoundDream miniclawd up to 2d65665046e2222eeea76cafc8570ed546a8c125

Published: 2026-05-25 · Last updated: 2026-05-26

Severity and scoring

CVSS: 7.3 HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CWE: CWE-77, CWE-78

Description

A security vulnerability has been detected in FoundDream miniclawd up to 2d65665046e2222eeea76cafc8570ed546a8c125. Affected by this issue is the function ExecTool.execute of the file /src/tools/exec.ts. Such manipulation leads to os command injection. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The project was informed of the problem early through an issue report but has not responded yet.

Source: NVD

References

[NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-9452
[Other]https://github.com/FoundDream/miniclawd/
[Other]https://github.com/FoundDream/miniclawd/issues/1
[Other]https://vuldb.com/submit/813767
[Other]https://vuldb.com/vuln/365433
[Other]https://vuldb.com/vuln/365433/cti

Related CVEs

Same CWE

CVE-2026-22313 — The device has a webserver that exposes a REST API authenticated with a token on the management network (9.1 CRITICAL)
CVE-2026-44932 — Passing of unsanitized strings from DHCP replies into the wicked dhcp client before wicked 0.6.79 could be used by attackers operating a ... (8.8 HIGH)
CVE-2024-24909 — Dell OpenManage Integration with Microsoft Windows Admin Center contains a Remote Code Execution vulnerability in the gateway plugin (8.8 HIGH)
CVE-2026-12398 — A command injection vulnerability was found in galaxy_ng (7.5 HIGH)
CVE-2026-5416 — Due to the improper neutralization of special elements used in a name parameter a low privileged remote attacker can exploit a command in... (8.8 HIGH)