CVE-2026-8112
Published: 07 May 2026
Summary
CVE-2026-8112 is a low-severity Command Injection (CWE-77) vulnerability in 8421Bit Miniclaw. Its CVSS base score is 2.1 (Low).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 14.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
Deeper analysis
A vulnerability exists in 8421bit MiniClaw up to commit 223c16a1088e138838dcbd18cd65a37c35ac5a84 that allows OS command injection through the executeCognitivePulse function in src/kernel.ts. The issue stems from improper handling of input that reaches operating system command execution paths, corresponding to CWE-77 and CWE-78. The product follows a rolling release model, so no discrete version numbers are tracked for affected or fixed releases. The CVSS 4.0 base score is 2.1 with network attack vector and low attack complexity.
An authenticated remote attacker can supply crafted input to trigger command injection and obtain limited control over the host operating system. The attack requires no user interaction and can be launched over the network. A public exploit for the flaw has been disclosed.
The repository contains a patch in commit 028f62216dee9f64833d0f1cfda7c217067ceba8 that addresses the command injection. The project maintainers recommend deploying this patch to resolve the issue, with related details available in the associated GitHub issue and pull request.
The EPSS score rose from a low baseline to a peak of 0.0123 on 2026-05-13 before receding to the current value of 0.0011, indicating a temporary increase in exploitation interest after public disclosure.
OWASP Top 10 for Web (2025)
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-28466
Vulnerability details
A vulnerability was found in 8421bit MiniClaw up to 223c16a1088e138838dcbd18cd65a37c35ac5a84. Affected is the function executeCognitivePulse of the file src/kernel.ts. Performing a manipulation results in os command injection. It is possible to initiate the attack remotely. The exploit has been made…
more
public and could be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The patch is named 028f62216dee9f64833d0f1cfda7c217067ceba8. To fix this issue, it is recommended to deploy a patch.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Remote OS command injection (CWE-78) in a callable function directly enables exploitation of public-facing apps (T1190) and arbitrary Unix shell command execution (T1059.004).
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.