high advisory

CVE-2026-9452 FoundDream miniclawd Remote Command Injection

A command injection vulnerability exists in FoundDream miniclawd, in the ExecTool.execute function in /src/tools/exec.ts. It can be triggered remotely and allows attackers to execute arbitrary OS commands.

A remote command injection vulnerability, identified as CVE-2026-9452, affects FoundDream miniclawd up to and including commit 2d65665046e2222eeea76cafc8570ed546a8c125. The vulnerability lies in the ExecTool.execute function within the /src/tools/exec.ts file. An attacker can remotely exploit it to execute arbitrary operating system commands on the target system. Public exploit code is available. Because the project does not publish version numbers, specific affected releases cannot be determined. The project has been notified but remains unresponsive, which suggests that no support or patch should be expected.

Attack Chain

  1. The attacker identifies a vulnerable instance of FoundDream miniclawd running a version prior to or including commit 2d65665046e2222eeea76cafc8570ed546a8c125.
  2. The attacker crafts a malicious request targeting the ExecTool.execute function.
  3. The crafted request injects OS commands into the parameters of the ExecTool.execute function.
  4. The miniclawd application processes the request, passing the injected commands to the underlying operating system without proper sanitization.
  5. The operating system executes the attacker-controlled commands within the context of the miniclawd application.
  6. The attacker gains arbitrary code execution on the server.
  7. The attacker can then perform actions such as installing malware, exfiltrating sensitive data, or pivoting to other systems on the network.

Impact

Successful exploitation of CVE-2026-9452 allows an attacker to execute arbitrary OS commands on the affected system. This can lead to complete system compromise, data theft, and further malicious activities. Since the project is unresponsive and no fix is available, all deployments are at risk.

Recommendation

  • Monitor network traffic for suspicious requests targeting the /src/tools/exec.ts endpoint with shell metacharacters, using a webserver rule as described in the next section.
  • Implement input validation and sanitization on the ExecTool.execute function in miniclawd to prevent command injection, if possible.
  • Until a patch is available, consider implementing a reverse proxy with strict input filtering to mitigate the risk (see example webserver rule below).

Detection coverage (2 rules)

Detects CVE-2026-9452 Exploitation — miniclawd Command Injection Attempt

Severity: high

Detects CVE-2026-9452 exploitation attempt via shell metacharacters in request to /src/tools/exec.ts

Format: sigma | Tactics: execution | Techniques: T1059.004 (Unix Shell) | Sources: webserver

Detect Suspicious Process Execution from Unmonitored Web Directories

Severity: medium

Detects processes spawned from web directories, which can indicate command injection

Format: sigma | Tactics: execution | Techniques: T1059.004 (Unix Shell) | Sources: process_creation, linux

Detection queries are available on the platform.