
CVE-2026-8112

Severity: Low · Public PoC

Published: 07 May 2026
Modified: 29 May 2026
KEV Added: not listed
Patch: available (commit 028f62216dee9f64833d0f1cfda7c217067ceba8)
CVSS v4 Score: 2.1 (CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P; all other metrics not defined)
EPSS Score: 0.0294 (85.4th percentile)
Risk Priority: 35 (floored blend, computed on peak EPSS)

Summary

CVE-2026-8112 is a low-severity OS command injection vulnerability (CWE-77 / CWE-78) in 8421bit MiniClaw. Its CVSS v4 base score is 2.1 (Low); the vector is network-reachable, low complexity, and requires a low-privileged authenticated account with no user interaction.

Operationally, exploitation maps to the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 14.6% of CVEs by EPSS exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof of concept is referenced.

Deeper analysis

A vulnerability exists in 8421bit MiniClaw up to commit 223c16a1088e138838dcbd18cd65a37c35ac5a84 that allows OS command injection through the executeCognitivePulse function in src/kernel.ts. The issue stems from improper handling of input that reaches operating system command execution paths, corresponding to CWE-77 and CWE-78. The product follows a rolling release model, so no discrete version numbers are tracked for affected or fixed releases; the only reliable identifier of an affected deployment is the commit it was built from. The CVSS 4.0 base score is 2.1, with network attack vector, low attack complexity and low privileges required.

An authenticated remote attacker can supply crafted input to trigger command injection and obtain limited control over the host operating system (the vector scores confidentiality, integrity and availability impact as Low). The attack requires no user interaction and can be launched over the network. A public exploit for the flaw has been disclosed, which is why a low base score should not be read as low urgency for Internet-facing instances.

The repository contains a patch in commit 028f62216dee9f64833d0f1cfda7c217067ceba8 that addresses the command injection. The project maintainers recommend deploying this patch, with related details available in the associated GitHub issue and pull request. Because there are no version numbers, confirm that a checkout is fixed by verifying the patch commit is an ancestor of the deployed revision, for example with `git merge-base --is-ancestor 028f62216dee9f64833d0f1cfda7c217067ceba8 HEAD` (exit status 0 means the fix is included).

The EPSS score rose from a low baseline to a peak of 0.0123 on 2026-05-13 before receding to 0.0011, indicating a temporary increase in exploitation interest after public disclosure.


Vulnerability details

A vulnerability was found in 8421bit MiniClaw up to commit 223c16a1088e138838dcbd18cd65a37c35ac5a84. Affected is the function executeCognitivePulse of the file src/kernel.ts. Manipulation of its input results in OS command injection. The attack can be initiated remotely. The exploit has been made public and could be used. This product uses a rolling release to provide continuous delivery, so no version details for affected or updated releases are available. The patch is named 028f62216dee9f64833d0f1cfda7c217067ceba8. To fix this issue, it is recommended to deploy the patch.

CWE(s): CWE-77 (Command Injection), CWE-78 (OS Command Injection)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-assisted mapping)

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1059.004 Unix Shell (Execution)
Adversaries may abuse Unix shell commands and scripts for execution.
Why these techniques?

Remote OS command injection (CWE-78) in a network-reachable function directly enables exploitation of a public-facing application (T1190), and the injected payload runs as arbitrary Unix shell commands under the service account (T1059.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

Affected Assets

8421bit miniclaw, builds up to 2026-04-29 (rolling release; commits up to 223c16a1088e138838dcbd18cd65a37c35ac5a84)

Mitigating Controls

Likely Mitigating Controls (AI-derived)

Per-CVE control mapping for this CVE has not run yet; the controls below are derived from the weakness types (CWEs) cited in the NVD entry.

Addresses CWE-78: Platform-independent apps typically execute inside a managed runtime or sandbox that restricts direct OS command execution, reducing the ability to exploit OS command injection. Caveat for this CVE: a TypeScript/Node.js codebase such as src/kernel.ts can spawn arbitrary processes through child_process by default, so the runtime alone restricts nothing; only an enabled runtime permission model or an OS-level sandbox around the service (a container or seccomp profile without a usable shell) actually limits what an injected command can do.

Addresses CWE-78: Validates inputs to block special elements that would alter OS command execution. In practice, allowlisting the expected shape of the input and passing it to the child as a separate argv entry (execFile semantics, no shell) is more robust than denylisting metacharacters.
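The following is an added illustration, not MiniClaw's code and not the content of executeCognitivePulse, of the general CWE-78 pattern described in the deeper analysis and of the input-validation control listed above: a shell command line assembled from caller input, beside a hardened form that allowlists the identifier and passes it as a literal argv entry without a shell. All names (pulse-runner, pulseId, the *Pulse* helpers) are hypothetical; the "42; id" payload is a constructed sample.

```typescript
// Added example (not MiniClaw's code): the shape of a CWE-78 bug in a
// TypeScript service and one hardened form. Every name here is hypothetical.
import { execFileSync } from "node:child_process";

// VULNERABLE PATTERN: attacker-controlled text is spliced into a shell command
// line. Handed to exec()/execSync(), the string goes to /bin/sh, where the ";"
// in "42; id" ends the intended command and starts the attacker's.
function buildPulseCommandUnsafe(pulseId: string): string {
  return `pulse-runner --id ${pulseId}`;
  // The dangerous call, left as a comment so this file never executes it:
  //   execSync(buildPulseCommandUnsafe(pulseId));
}

// Characters that let one "argument" become extra commands once a shell parses it.
const SHELL_META = /[;&|`$(){}<>\n\r\\'"*?\[\]!#~ \t]/;

function containsShellMeta(input: string): boolean {
  return SHELL_META.test(input);
}

// HARDENED, step 1 (the "validate inputs" control): allowlist the identifier
// shape instead of denylisting metacharacters. Anything outside [A-Za-z0-9_-]
// is rejected before it can reach an execution path.
const PULSE_ID = /^[A-Za-z0-9_-]{1,64}$/;

function validatePulseId(pulseId: string): string {
  if (!PULSE_ID.test(pulseId)) {
    throw new Error(`invalid pulse id: ${JSON.stringify(pulseId)}`);
  }
  return pulseId;
}

// HARDENED, step 2: build an argv array, never a command string.
function buildPulseArgv(pulseId: string): string[] {
  return ["pulse-runner", "--id", validatePulseId(pulseId)];
}

// HARDENED, step 3: execute with execFile semantics (no shell). Each array
// element reaches the child as exactly one argv entry. To keep the example
// runnable without a real pulse-runner, the child is node itself, which prints
// back the arguments it received, one per line. The "--" stops node from
// treating "--id" as one of its own options.
function echoArgvWithoutShell(args: string[]): string {
  return execFileSync(
    process.execPath,
    ["-e", "console.log(process.argv.slice(1).join('\\n'))", "--", ...args],
    { encoding: "utf8" },
  ).trim();
}

function runPulseSafely(pulseId: string): string {
  const [, ...args] = buildPulseArgv(pulseId); // drop the program name
  return echoArgvWithoutShell(args);
}

// Returns what each path does with an injection payload, so the difference is
// visible as data rather than as a shell side effect.
function compareHandling(payload: string): {
  unsafeCommandLine: string;
  flaggedByMetaCheck: boolean;
  rejectedByAllowlist: boolean;
  literalArgvSeen: string;
} {
  let rejected = false;
  try {
    validatePulseId(payload);
  } catch {
    rejected = true;
  }
  return {
    unsafeCommandLine: buildPulseCommandUnsafe(payload),
    flaggedByMetaCheck: containsShellMeta(payload),
    rejectedByAllowlist: rejected,
    // Even if validation were bypassed, no shell ever sees "; id" as a separator here.
    literalArgvSeen: echoArgvWithoutShell([payload]),
  };
}
```

Run it with a constructed payload such as compareHandling("42; id"): the unsafe builder yields the command line "pulse-runner --id 42; id", which a shell would split into two commands; the allowlist rejects the same string outright; and the no-shell path reports the payload back as a single literal argument. The allowlist is the primary control, and argv-based execution is the defence in depth that holds even when validation has a gap.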
