Tag
A command injection vulnerability (CVE-2026-9453) exists in FoundDream miniclawd, where manipulation of the requires.bins argument in /src/application/skills-loader.ts allows remote command execution, and the exploit is publicly available.