Cyber Resilience

CVE-2026-36045

High

Published: 27 May 2026
Modified: 01 June 2026
KEV Added: not listed
CVSS v3.1: 7.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
EPSS: 0.0131 (67.0th percentile)
Risk Priority: 15 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2026-36045 is a high-severity OS command injection (CWE-78) vulnerability in picoclaw versions 0.1.2 and earlier. Its CVSS v3.1 base score is 7.3 (High).

Operationally, exploitation maps to the MITRE ATT&CK technique Unix Shell (T1059.004). The CVE ranks in the top 33.0% of CVEs by EPSS exploit likelihood and is not currently listed in the CISA KEV catalog.

Deeper analysis

picoclaw versions 0.1.2 and earlier contain an OS command injection vulnerability in the ExecTool component (pkg/tools/shell.go). The guardCommand function attempts to sanitize the command string with a denylist of eight regular expressions, but the denylist is incomplete: it does not cover every shell construct that chains or substitutes commands, so attacker-controlled input still reaches the shell intact. This is a CWE-78 exposure scored 7.3 under CVSS 3.1.

Per the CVSS vector, an unauthenticated remote attacker (AV:N, PR:N, UI:N) can supply crafted input to the ExecTool interface and execute arbitrary operating system commands. The vector rates the confidentiality, integrity and availability impacts as Low (C:L/I:L/A:L) with no scope change; those ratings reflect the assessor's scoring, while what an injected command can actually do is bounded by the privileges of the process running ExecTool.

The EPSS score has stayed flat at 0.0274 with no material increase since disclosure, indicating little observed exploitation interest so far. The referenced GitHub release and gist do not describe mitigations beyond the affected version tag.

EU & UK References

No EU or UK CSIRT advisories indexed for this CVE.

Vulnerability details

picoclaw versions 0.1.2 and earlier are vulnerable to OS command injection via the ExecTool component (pkg/tools/shell.go). The guardCommand() function attempts to restrict shell command execution with a denylist of eight regular expressions, but the denylist is incomplete.
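To make the weakness described in the deeper analysis and in the vulnerability details concrete, here is an added Go example. It is not picoclaw's code and does not reproduce its guardCommand() patterns (the page does not list them): the eight-pattern denylist, the program allowlist, the safe-character class and the sample inputs are all constructed assumptions for illustration. It shows why a regex denylist in front of a shell stays incomplete, beside the argv-based allowlist guard a practitioner would use instead.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"strings"
)

// denyPatterns is a constructed illustration of a metacharacter denylist.
// These are NOT picoclaw's guardCommand() patterns (the page does not list
// them); the point is structural: a shell has more separators and expansion
// forms than any short list names.
var denyPatterns = []*regexp.Regexp{
	regexp.MustCompile(`;`),                 // command separator
	regexp.MustCompile(`&&`),                // conditional chaining
	regexp.MustCompile(`\|\|`),              // conditional chaining
	regexp.MustCompile("`"),                 // legacy command substitution
	regexp.MustCompile(`\$\(`),              // $(...) command substitution
	regexp.MustCompile(`\brm\s+-rf\b`),      // one destructive idiom
	regexp.MustCompile(`>\s*/dev/`),         // writes to device files
	regexp.MustCompile(`\bcurl\b.*\|\s*sh`), // the "curl | sh" idiom
}

// DenylistGuard mirrors the vulnerable design: the raw string is later handed
// to a shell, and only the listed fragments are refused.
func DenylistGuard(cmd string) error {
	for _, re := range denyPatterns {
		if re.MatchString(cmd) {
			return fmt.Errorf("blocked by denylist pattern %q", re.String())
		}
	}
	return nil
}

// bypassSamples are constructed inputs that sh -c would still treat as a
// pipeline, a second command, a redirection or an expansion, yet none of them
// matches any pattern above.
var bypassSamples = []string{
	"ls | sh",                                    // a single pipe is not in the list
	"ls\nid",                                     // newline separates commands just like ';'
	"echo '* * * * * root id' > /etc/cron.d/job", // redirection, but not to /dev/
	"rm -r -f /var/lib/data",                     // same effect as rm -rf, different spelling
	"cat${IFS}/etc/shadow",                       // ${IFS} expands to whitespace; no '$(' used
	"sh -c id",                                   // nested shell: the argument is a new command line
}

// allowedPrograms is a constructed allowlist; a real deployment derives it
// from what the tool actually needs to run.
var allowedPrograms = map[string]bool{"ls": true, "cat": true, "grep": true, "wc": true}

// safeArg accepts only characters no POSIX shell interprets. Anything else
// (quotes, $, |, ;, &, <, >, *, ?, braces, backslashes) is refused outright
// instead of being enumerated in a denylist.
var safeArg = regexp.MustCompile(`^[A-Za-z0-9_./:@%+=,-]+$`)

// AllowlistGuard is the hardened counterpart. It tokenizes on whitespace,
// requires argv[0] to be an allowed program and every token to be inert, and
// returns an argv slice intended for exec.Command(argv[0], argv[1:]...), which
// spawns the program directly with no shell in between.
func AllowlistGuard(cmd string) ([]string, error) {
	argv := strings.Fields(cmd)
	if len(argv) == 0 {
		return nil, errors.New("empty command")
	}
	if !allowedPrograms[argv[0]] {
		return nil, fmt.Errorf("program %q is not allowlisted", argv[0])
	}
	for _, a := range argv {
		if !safeArg.MatchString(a) {
			return nil, fmt.Errorf("argument %q contains shell-significant characters", a)
		}
	}
	return argv, nil
}

func main() {
	for _, s := range bypassSamples {
		fmt.Printf("denylist  %-46q -> %v\n", s, DenylistGuard(s))
		argv, err := AllowlistGuard(s)
		fmt.Printf("allowlist %-46q -> argv=%q err=%v\n", s, argv, err)
	}
}
```

Every string in bypassSamples passes DenylistGuard, yet sh -c would run each as something other than one command. AllowlistGuard rejects all of them except the newline case, which it tokenizes into `ls id`; under exec.Command that second token is only a filename argument to ls, because no shell is ever involved in parsing it. That is the design point behind CWE-78 mitigations: stop validating a command string and pass an argv array to an allowlisted program instead.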

CWE(s)

CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Related Threats

MITRE ATT&CK Enterprise Techniques

T1059.004 Unix Shell (Execution)
Adversaries may abuse Unix shell commands and scripts for execution.

Why these techniques?

OS command injection via incomplete denylist directly enables arbitrary Unix shell command execution (T1059.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-22606 (shared CWE-78)
CVE-2026-45629 (shared CWE-78)
CVE-2026-22227 (shared CWE-78)
CVE-2024-54018 (shared CWE-78)
CVE-2026-26280 (shared CWE-78)
CVE-2025-53949 (shared CWE-78)
CVE-2024-11253 (shared CWE-78)
CVE-2022-50793 (shared CWE-78)
CVE-2024-57019 (shared CWE-78)
CVE-2026-31386 (shared CWE-78)


Mitigating Controls

Likely Mitigating Controls

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

Sandboxed or managed runtime (addresses CWE-78): running the application inside a managed runtime or sandbox that restricts direct OS command execution limits what an injected command can reach, even when the injection itself succeeds.

Input validation (addresses CWE-78): validate inputs to block special elements that would alter OS command execution. For a tool that exists to run commands, the more robust form of this control is to avoid the shell entirely and pass an argument array to an allowlisted program, rather than filtering a command string with a denylist.
