Search

Find a vulnerability

Search criteria

    10 vulnerabilities found for junoclaw by Dragonmonk111

    CVE-2026-43993 (GCVE-0-2026-43993)

    Vulnerability from nvd – Published: 2026-05-12 16:29 – Updated: 2026-05-13 14:35
    VLAI
    Title
    JunoClaw: SSRF in WAVS computeDataVerify allows cloud-metadata and internal-service access
    Summary
    JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, the WAVS bridge's computeDataVerify called fetch() on agent-supplied URLs without validating scheme, port, or resolved IP, resulting in an SSRF vulnerability. This vulnerability is fixed in 0.x.y-security-1.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-918 - Server-Side Request Forgery (SSRF)
    Assigner
    Impacted products
    Vendor Product Version
    Dragonmonk111 junoclaw Affected: < v0.x.y-security-1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-43993",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-13T14:35:18.311148Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-13T14:35:30.160Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "junoclaw",
              "vendor": "Dragonmonk111",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c v0.x.y-security-1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, the WAVS bridge\u0027s computeDataVerify called fetch() on agent-supplied URLs without validating scheme, port, or resolved IP, resulting in an SSRF vulnerability. This vulnerability is fixed in 0.x.y-security-1."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "CWE-918: Server-Side Request Forgery (SSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-12T16:29:41.112Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/Dragonmonk111/junoclaw/security/advisories/GHSA-q545-mvjf-q9pg",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/Dragonmonk111/junoclaw/security/advisories/GHSA-q545-mvjf-q9pg"
            },
            {
              "name": "https://github.com/Dragonmonk111/junoclaw/commit/a168608",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/Dragonmonk111/junoclaw/commit/a168608"
            },
            {
              "name": "https://github.com/Dragonmonk111/junoclaw/releases/tag/v0.x.y-security-1",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/Dragonmonk111/junoclaw/releases/tag/v0.x.y-security-1"
            }
          ],
          "source": {
            "advisory": "GHSA-q545-mvjf-q9pg",
            "discovery": "UNKNOWN"
          },
          "title": "JunoClaw: SSRF in WAVS computeDataVerify allows cloud-metadata and internal-service access"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-43993",
        "datePublished": "2026-05-12T16:29:41.112Z",
        "dateReserved": "2026-05-04T20:24:31.917Z",
        "dateUpdated": "2026-05-13T14:35:30.160Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-43992 (GCVE-0-2026-43992)

    Vulnerability from nvd – Published: 2026-05-12 16:25 – Updated: 2026-05-13 14:38
    VLAI
    Title
    JunoClaw: MCP write tools exposed raw BIP-39 mnemonic as a tool-call parameter
    Summary
    JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, every MCP write tool (send_tokens, execute_contract, instantiate_contract, upload_wasm, ibc_transfer, etc.) accepted 'mnemonic: string' as an explicit tool-call parameter. The BIP-39 seed was consequently embedded in the LLM tool-call JSON, exposing it to any transport, log, or telemetry surface in the path between the LLM provider and the MCP process. This vulnerability is fixed in 0.x.y-security-1.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    • CWE-312 - Cleartext Storage of Sensitive Information
    • CWE-522 - Insufficiently Protected Credentials
    • CWE-532 - Insertion of Sensitive Information into Log File
    Assigner
    Impacted products
    Vendor Product Version
    Dragonmonk111 junoclaw Affected: < v0.x.y-security-1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-43992",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-13T14:34:03.835477Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-13T14:38:16.906Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "junoclaw",
              "vendor": "Dragonmonk111",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c v0.x.y-security-1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, every MCP write tool (send_tokens, execute_contract, instantiate_contract, upload_wasm, ibc_transfer, etc.) accepted \u0027mnemonic: string\u0027 as an explicit tool-call parameter. The BIP-39 seed was consequently embedded in the LLM tool-call JSON, exposing it to any transport, log, or telemetry surface in the path between the LLM provider and the MCP process. This vulnerability is fixed in 0.x.y-security-1."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-312",
                  "description": "CWE-312: Cleartext Storage of Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-522",
                  "description": "CWE-522: Insufficiently Protected Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-532",
                  "description": "CWE-532: Insertion of Sensitive Information into Log File",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-12T16:25:30.868Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/Dragonmonk111/junoclaw/security/advisories/GHSA-j75q-8xvm-6c48",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/Dragonmonk111/junoclaw/security/advisories/GHSA-j75q-8xvm-6c48"
            },
            {
              "name": "https://github.com/Dragonmonk111/junoclaw/commit/339701e",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/Dragonmonk111/junoclaw/commit/339701e"
            },
            {
              "name": "https://github.com/Dragonmonk111/junoclaw/releases/tag/v0.x.y-security-1",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/Dragonmonk111/junoclaw/releases/tag/v0.x.y-security-1"
            }
          ],
          "source": {
            "advisory": "GHSA-j75q-8xvm-6c48",
            "discovery": "UNKNOWN"
          },
          "title": "JunoClaw: MCP write tools exposed raw BIP-39 mnemonic as a tool-call parameter"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-43992",
        "datePublished": "2026-05-12T16:25:30.868Z",
        "dateReserved": "2026-05-04T20:24:31.917Z",
        "dateUpdated": "2026-05-13T14:38:16.906Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-43991 (GCVE-0-2026-43991)

    Vulnerability from nvd – Published: 2026-05-12 16:19 – Updated: 2026-05-13 14:11
    VLAI
    Title
    JunoClaw: plugin-shell shell-injection bypass via substring blocklist
    Summary
    JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, substring-based blocklist in plugin-shell's command-safety check could be bypassed by adversarial argument constructions, allowing unauthorized command execution on the host when combined with the companion advisory. Pre-patch, the check was applied to the raw command string rather than the parsed first token. This vulnerability is fixed in 0.x.y-security-1.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    • CWE-184 - Incomplete List of Disallowed Inputs
    Assigner
    References
    Impacted products
    Vendor Product Version
    Dragonmonk111 junoclaw Affected: < v0.x.y-security-1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-43991",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-13T14:11:10.828920Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-13T14:11:22.996Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "junoclaw",
              "vendor": "Dragonmonk111",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c v0.x.y-security-1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, substring-based blocklist in plugin-shell\u0027s command-safety check could be bypassed by adversarial argument constructions, allowing unauthorized command execution on the host when combined with the companion advisory. Pre-patch, the check was applied to the raw command string rather than the parsed first token. This vulnerability is fixed in 0.x.y-security-1."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-184",
                  "description": "CWE-184: Incomplete List of Disallowed Inputs",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-12T16:19:54.198Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/Dragonmonk111/junoclaw/security/advisories/GHSA-fvq5-79h6-952c",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/Dragonmonk111/junoclaw/security/advisories/GHSA-fvq5-79h6-952c"
            },
            {
              "name": "https://github.com/Dragonmonk111/junoclaw/commit/2bc54f6",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/Dragonmonk111/junoclaw/commit/2bc54f6"
            }
          ],
          "source": {
            "advisory": "GHSA-fvq5-79h6-952c",
            "discovery": "UNKNOWN"
          },
          "title": "JunoClaw: plugin-shell shell-injection bypass via substring blocklist"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-43991",
        "datePublished": "2026-05-12T16:19:54.198Z",
        "dateReserved": "2026-05-04T20:24:31.917Z",
        "dateUpdated": "2026-05-13T14:11:22.996Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-43990 (GCVE-0-2026-43990)

    Vulnerability from nvd – Published: 2026-05-12 16:22 – Updated: 2026-05-12 19:01
    VLAI
    Title
    JunoClaw: plugin-shell shell-metacharacter injection via shell wrapper
    Summary
    JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, plugin-shell's run_command wrapped every agent-supplied command in 'sh -c' / 'cmd /C' and passed the full argument string to the shell's parser, allowing shell metacharacters in agent-supplied arguments to be interpreted as command syntax. This vulnerability is fixed in 0.x.y-security-1.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    Dragonmonk111 junoclaw Affected: < v0.x.y-security-1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-43990",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-12T19:01:27.345836Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-12T19:01:36.775Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "junoclaw",
              "vendor": "Dragonmonk111",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c v0.x.y-security-1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, plugin-shell\u0027s run_command wrapped every agent-supplied command in \u0027sh -c\u0027 / \u0027cmd /C\u0027 and passed the full argument string to the shell\u0027s parser, allowing shell metacharacters in agent-supplied arguments to be interpreted as command syntax. This vulnerability is fixed in 0.x.y-security-1."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-12T16:22:22.326Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/Dragonmonk111/junoclaw/security/advisories/GHSA-gpvm-3chf-2649",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/Dragonmonk111/junoclaw/security/advisories/GHSA-gpvm-3chf-2649"
            },
            {
              "name": "https://github.com/Dragonmonk111/junoclaw/commit/2bc54f6",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/Dragonmonk111/junoclaw/commit/2bc54f6"
            },
            {
              "name": "https://github.com/Dragonmonk111/junoclaw/releases/tag/v0.x.y-security-1",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/Dragonmonk111/junoclaw/releases/tag/v0.x.y-security-1"
            }
          ],
          "source": {
            "advisory": "GHSA-gpvm-3chf-2649",
            "discovery": "UNKNOWN"
          },
          "title": "JunoClaw: plugin-shell shell-metacharacter injection via shell wrapper"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-43990",
        "datePublished": "2026-05-12T16:22:22.326Z",
        "dateReserved": "2026-05-04T20:24:31.917Z",
        "dateUpdated": "2026-05-12T19:01:36.775Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-43989 (GCVE-0-2026-43989)

    Vulnerability from nvd – Published: 2026-05-12 16:21 – Updated: 2026-05-14 19:21
    VLAI
    Title
    JunoClaw: upload_wasm accepted arbitrary filesystem paths without validation
    Summary
    JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, the upload_wasm MCP tool accepted a filesystem path from the agent and uploaded whatever bytes the path resolved to, with no validation of location, symlink target, file size, or file format. This vulnerability is fixed in 0.x.y-security-1.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    • CWE-59 - Improper Link Resolution Before File Access ('Link Following')
    • CWE-73 - External Control of File Name or Path
    Assigner
    Impacted products
    Vendor Product Version
    Dragonmonk111 junoclaw Affected: < v0.x.y-security-1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-43989",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-14T19:21:05.818360Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-14T19:21:41.909Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "junoclaw",
              "vendor": "Dragonmonk111",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c v0.x.y-security-1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, the upload_wasm MCP tool accepted a filesystem path from the agent and uploaded whatever bytes the path resolved to, with no validation of location, symlink target, file size, or file format. This vulnerability is fixed in 0.x.y-security-1."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 8.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20: Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-59",
                  "description": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-73",
                  "description": "CWE-73: External Control of File Name or Path",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-12T16:21:29.084Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/Dragonmonk111/junoclaw/security/advisories/GHSA-rw59-34hw-pmwp",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/Dragonmonk111/junoclaw/security/advisories/GHSA-rw59-34hw-pmwp"
            },
            {
              "name": "https://github.com/Dragonmonk111/junoclaw/commit/a7886cd",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/Dragonmonk111/junoclaw/commit/a7886cd"
            },
            {
              "name": "https://github.com/Dragonmonk111/junoclaw/releases/tag/v0.x.y-security-1",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/Dragonmonk111/junoclaw/releases/tag/v0.x.y-security-1"
            }
          ],
          "source": {
            "advisory": "GHSA-rw59-34hw-pmwp",
            "discovery": "UNKNOWN"
          },
          "title": "JunoClaw: upload_wasm accepted arbitrary filesystem paths without validation"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-43989",
        "datePublished": "2026-05-12T16:21:29.084Z",
        "dateReserved": "2026-05-04T20:24:31.917Z",
        "dateUpdated": "2026-05-14T19:21:41.909Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-43993 (GCVE-0-2026-43993)

    Vulnerability from cvelistv5 – Published: 2026-05-12 16:29 – Updated: 2026-05-13 14:35
    VLAI
    Title
    JunoClaw: SSRF in WAVS computeDataVerify allows cloud-metadata and internal-service access
    Summary
    JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, the WAVS bridge's computeDataVerify called fetch() on agent-supplied URLs without validating scheme, port, or resolved IP, resulting in an SSRF vulnerability. This vulnerability is fixed in 0.x.y-security-1.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-918 - Server-Side Request Forgery (SSRF)
    Assigner
    Impacted products
    Vendor Product Version
    Dragonmonk111 junoclaw Affected: < v0.x.y-security-1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-43993",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-13T14:35:18.311148Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-13T14:35:30.160Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "junoclaw",
              "vendor": "Dragonmonk111",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c v0.x.y-security-1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, the WAVS bridge\u0027s computeDataVerify called fetch() on agent-supplied URLs without validating scheme, port, or resolved IP, resulting in an SSRF vulnerability. This vulnerability is fixed in 0.x.y-security-1."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "CWE-918: Server-Side Request Forgery (SSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-12T16:29:41.112Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/Dragonmonk111/junoclaw/security/advisories/GHSA-q545-mvjf-q9pg",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/Dragonmonk111/junoclaw/security/advisories/GHSA-q545-mvjf-q9pg"
            },
            {
              "name": "https://github.com/Dragonmonk111/junoclaw/commit/a168608",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/Dragonmonk111/junoclaw/commit/a168608"
            },
            {
              "name": "https://github.com/Dragonmonk111/junoclaw/releases/tag/v0.x.y-security-1",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/Dragonmonk111/junoclaw/releases/tag/v0.x.y-security-1"
            }
          ],
          "source": {
            "advisory": "GHSA-q545-mvjf-q9pg",
            "discovery": "UNKNOWN"
          },
          "title": "JunoClaw: SSRF in WAVS computeDataVerify allows cloud-metadata and internal-service access"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-43993",
        "datePublished": "2026-05-12T16:29:41.112Z",
        "dateReserved": "2026-05-04T20:24:31.917Z",
        "dateUpdated": "2026-05-13T14:35:30.160Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-43992 (GCVE-0-2026-43992)

    Vulnerability from cvelistv5 – Published: 2026-05-12 16:25 – Updated: 2026-05-13 14:38
    VLAI
    Title
    JunoClaw: MCP write tools exposed raw BIP-39 mnemonic as a tool-call parameter
    Summary
    JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, every MCP write tool (send_tokens, execute_contract, instantiate_contract, upload_wasm, ibc_transfer, etc.) accepted 'mnemonic: string' as an explicit tool-call parameter. The BIP-39 seed was consequently embedded in the LLM tool-call JSON, exposing it to any transport, log, or telemetry surface in the path between the LLM provider and the MCP process. This vulnerability is fixed in 0.x.y-security-1.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    • CWE-312 - Cleartext Storage of Sensitive Information
    • CWE-522 - Insufficiently Protected Credentials
    • CWE-532 - Insertion of Sensitive Information into Log File
    Assigner
    Impacted products
    Vendor Product Version
    Dragonmonk111 junoclaw Affected: < v0.x.y-security-1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-43992",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-13T14:34:03.835477Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-13T14:38:16.906Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "junoclaw",
              "vendor": "Dragonmonk111",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c v0.x.y-security-1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, every MCP write tool (send_tokens, execute_contract, instantiate_contract, upload_wasm, ibc_transfer, etc.) accepted \u0027mnemonic: string\u0027 as an explicit tool-call parameter. The BIP-39 seed was consequently embedded in the LLM tool-call JSON, exposing it to any transport, log, or telemetry surface in the path between the LLM provider and the MCP process. This vulnerability is fixed in 0.x.y-security-1."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-312",
                  "description": "CWE-312: Cleartext Storage of Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-522",
                  "description": "CWE-522: Insufficiently Protected Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-532",
                  "description": "CWE-532: Insertion of Sensitive Information into Log File",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-12T16:25:30.868Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/Dragonmonk111/junoclaw/security/advisories/GHSA-j75q-8xvm-6c48",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/Dragonmonk111/junoclaw/security/advisories/GHSA-j75q-8xvm-6c48"
            },
            {
              "name": "https://github.com/Dragonmonk111/junoclaw/commit/339701e",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/Dragonmonk111/junoclaw/commit/339701e"
            },
            {
              "name": "https://github.com/Dragonmonk111/junoclaw/releases/tag/v0.x.y-security-1",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/Dragonmonk111/junoclaw/releases/tag/v0.x.y-security-1"
            }
          ],
          "source": {
            "advisory": "GHSA-j75q-8xvm-6c48",
            "discovery": "UNKNOWN"
          },
          "title": "JunoClaw: MCP write tools exposed raw BIP-39 mnemonic as a tool-call parameter"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-43992",
        "datePublished": "2026-05-12T16:25:30.868Z",
        "dateReserved": "2026-05-04T20:24:31.917Z",
        "dateUpdated": "2026-05-13T14:38:16.906Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-43990 (GCVE-0-2026-43990)

    Vulnerability from cvelistv5 – Published: 2026-05-12 16:22 – Updated: 2026-05-12 19:01
    VLAI
    Title
    JunoClaw: plugin-shell shell-metacharacter injection via shell wrapper
    Summary
    JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, plugin-shell's run_command wrapped every agent-supplied command in 'sh -c' / 'cmd /C' and passed the full argument string to the shell's parser, allowing shell metacharacters in agent-supplied arguments to be interpreted as command syntax. This vulnerability is fixed in 0.x.y-security-1.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    Dragonmonk111 junoclaw Affected: < v0.x.y-security-1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-43990",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-12T19:01:27.345836Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-12T19:01:36.775Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "junoclaw",
              "vendor": "Dragonmonk111",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c v0.x.y-security-1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, plugin-shell\u0027s run_command wrapped every agent-supplied command in \u0027sh -c\u0027 / \u0027cmd /C\u0027 and passed the full argument string to the shell\u0027s parser, allowing shell metacharacters in agent-supplied arguments to be interpreted as command syntax. This vulnerability is fixed in 0.x.y-security-1."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-12T16:22:22.326Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/Dragonmonk111/junoclaw/security/advisories/GHSA-gpvm-3chf-2649",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/Dragonmonk111/junoclaw/security/advisories/GHSA-gpvm-3chf-2649"
            },
            {
              "name": "https://github.com/Dragonmonk111/junoclaw/commit/2bc54f6",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/Dragonmonk111/junoclaw/commit/2bc54f6"
            },
            {
              "name": "https://github.com/Dragonmonk111/junoclaw/releases/tag/v0.x.y-security-1",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/Dragonmonk111/junoclaw/releases/tag/v0.x.y-security-1"
            }
          ],
          "source": {
            "advisory": "GHSA-gpvm-3chf-2649",
            "discovery": "UNKNOWN"
          },
          "title": "JunoClaw: plugin-shell shell-metacharacter injection via shell wrapper"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-43990",
        "datePublished": "2026-05-12T16:22:22.326Z",
        "dateReserved": "2026-05-04T20:24:31.917Z",
        "dateUpdated": "2026-05-12T19:01:36.775Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-43989 (GCVE-0-2026-43989)

    Vulnerability from cvelistv5 – Published: 2026-05-12 16:21 – Updated: 2026-05-14 19:21
    VLAI
    Title
    JunoClaw: upload_wasm accepted arbitrary filesystem paths without validation
    Summary
    JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, the upload_wasm MCP tool accepted a filesystem path from the agent and uploaded whatever bytes the path resolved to, with no validation of location, symlink target, file size, or file format. This vulnerability is fixed in 0.x.y-security-1.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    • CWE-59 - Improper Link Resolution Before File Access ('Link Following')
    • CWE-73 - External Control of File Name or Path
    Assigner
    Impacted products
    Vendor Product Version
    Dragonmonk111 junoclaw Affected: < v0.x.y-security-1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-43989",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-14T19:21:05.818360Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-14T19:21:41.909Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "junoclaw",
              "vendor": "Dragonmonk111",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c v0.x.y-security-1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, the upload_wasm MCP tool accepted a filesystem path from the agent and uploaded whatever bytes the path resolved to, with no validation of location, symlink target, file size, or file format. This vulnerability is fixed in 0.x.y-security-1."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 8.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20: Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-59",
                  "description": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-73",
                  "description": "CWE-73: External Control of File Name or Path",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-12T16:21:29.084Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/Dragonmonk111/junoclaw/security/advisories/GHSA-rw59-34hw-pmwp",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/Dragonmonk111/junoclaw/security/advisories/GHSA-rw59-34hw-pmwp"
            },
            {
              "name": "https://github.com/Dragonmonk111/junoclaw/commit/a7886cd",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/Dragonmonk111/junoclaw/commit/a7886cd"
            },
            {
              "name": "https://github.com/Dragonmonk111/junoclaw/releases/tag/v0.x.y-security-1",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/Dragonmonk111/junoclaw/releases/tag/v0.x.y-security-1"
            }
          ],
          "source": {
            "advisory": "GHSA-rw59-34hw-pmwp",
            "discovery": "UNKNOWN"
          },
          "title": "JunoClaw: upload_wasm accepted arbitrary filesystem paths without validation"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-43989",
        "datePublished": "2026-05-12T16:21:29.084Z",
        "dateReserved": "2026-05-04T20:24:31.917Z",
        "dateUpdated": "2026-05-14T19:21:41.909Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-43991 (GCVE-0-2026-43991)

    Vulnerability from cvelistv5 – Published: 2026-05-12 16:19 – Updated: 2026-05-13 14:11
    VLAI
    Title
    JunoClaw: plugin-shell shell-injection bypass via substring blocklist
    Summary
    JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, substring-based blocklist in plugin-shell's command-safety check could be bypassed by adversarial argument constructions, allowing unauthorized command execution on the host when combined with the companion advisory. Pre-patch, the check was applied to the raw command string rather than the parsed first token. This vulnerability is fixed in 0.x.y-security-1.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    • CWE-184 - Incomplete List of Disallowed Inputs
    Assigner
    References
    Impacted products
    Vendor Product Version
    Dragonmonk111 junoclaw Affected: < v0.x.y-security-1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-43991",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-13T14:11:10.828920Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-13T14:11:22.996Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "junoclaw",
              "vendor": "Dragonmonk111",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c v0.x.y-security-1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, substring-based blocklist in plugin-shell\u0027s command-safety check could be bypassed by adversarial argument constructions, allowing unauthorized command execution on the host when combined with the companion advisory. Pre-patch, the check was applied to the raw command string rather than the parsed first token. This vulnerability is fixed in 0.x.y-security-1."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-184",
                  "description": "CWE-184: Incomplete List of Disallowed Inputs",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-12T16:19:54.198Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/Dragonmonk111/junoclaw/security/advisories/GHSA-fvq5-79h6-952c",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/Dragonmonk111/junoclaw/security/advisories/GHSA-fvq5-79h6-952c"
            },
            {
              "name": "https://github.com/Dragonmonk111/junoclaw/commit/2bc54f6",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/Dragonmonk111/junoclaw/commit/2bc54f6"
            }
          ],
          "source": {
            "advisory": "GHSA-fvq5-79h6-952c",
            "discovery": "UNKNOWN"
          },
          "title": "JunoClaw: plugin-shell shell-injection bypass via substring blocklist"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-43991",
        "datePublished": "2026-05-12T16:19:54.198Z",
        "dateReserved": "2026-05-04T20:24:31.917Z",
        "dateUpdated": "2026-05-13T14:11:22.996Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }