{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/vendors/founddream/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.3,"id":"CVE-2026-9453"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["miniclawd"],"_cs_severities":["high"],"_cs_tags":["command-injection","cve","miniclawd"],"_cs_type":"advisory","_cs_vendors":["FoundDream"],"content_html":"\u003cp\u003eA command injection vulnerability, identified as CVE-2026-9453, affects FoundDream miniclawd up to commit 2d65665046e2222eeea76cafc8570ed546a8c125. The vulnerability resides within the SkillsLoader component, specifically in the /src/application/skills-loader.ts file. By manipulating the requires.bins argument, a remote attacker can inject and execute arbitrary commands on the target system. The public availability of an exploit for this vulnerability increases the risk of widespread exploitation. Since miniclawd uses a rolling release model, determining specific affected versions is challenging, complicating patching efforts. The lack of vendor response after being informed through an issue report further exacerbates the situation.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies a vulnerable instance of FoundDream miniclawd running a version up to commit 2d65665046e2222eeea76cafc8570ed546a8c125.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious request targeting the SkillsLoader component.\u003c/li\u003e\n\u003cli\u003eWithin the crafted request, the attacker manipulates the requires.bins argument in the /src/application/skills-loader.ts file.\u003c/li\u003e\n\u003cli\u003eThe injected payload contains shell metacharacters to facilitate command injection.\u003c/li\u003e\n\u003cli\u003eThe miniclawd application processes the malicious request and passes the manipulated requires.bins argument to a function that executes commands.\u003c/li\u003e\n\u003cli\u003eThe application executes the attacker-controlled commands on the server.\u003c/li\u003e\n\u003cli\u003eThe attacker gains arbitrary code execution on the target system.\u003c/li\u003e\n\u003cli\u003eThe attacker can then perform further actions, such as installing malware, exfiltrating data, or pivoting to other systems within the network.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability allows attackers to execute arbitrary commands on systems running vulnerable versions of FoundDream miniclawd. This can lead to complete system compromise, data breaches, and potential disruption of services. Due to the public availability of the exploit, a wide range of miniclawd installations are at risk until patches or mitigations are applied.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMonitor process creations for suspicious commands originating from the miniclawd application directory, using the Sigma rule \u0026ldquo;Detect Suspicious Process Creation from miniclawd\u0026rdquo;.\u003c/li\u003e\n\u003cli\u003eInspect web server logs for requests containing shell metacharacters in the requires.bins argument targeting /src/application/skills-loader.ts using the Sigma rule \u0026ldquo;Detect miniclawd Command Injection Attempt\u0026rdquo;.\u003c/li\u003e\n\u003cli\u003eApply input validation and sanitization to the requires.bins argument in /src/application/skills-loader.ts to prevent command injection (reference CVE-2026-9453).\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-26T14:11:59Z","date_published":"2026-05-26T14:11:59Z","id":"https://feed.craftedsignal.io/briefs/2026-05-miniclawd-command-injection/","summary":"A command injection vulnerability (CVE-2026-9453) exists in FoundDream miniclawd, where manipulation of the requires.bins argument in /src/application/skills-loader.ts allows remote command execution, and the exploit is publicly available.","title":"FoundDream miniclawd Command Injection Vulnerability (CVE-2026-9453)","url":"https://feed.craftedsignal.io/briefs/2026-05-miniclawd-command-injection/"},{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.3,"id":"CVE-2026-9452"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["miniclawd"],"_cs_severities":["high"],"_cs_tags":["command-injection","vulnerability"],"_cs_type":"advisory","_cs_vendors":["FoundDream"],"content_html":"\u003cp\u003eA remote command injection vulnerability, identified as CVE-2026-9452, affects FoundDream miniclawd up to commit 2d65665046e2222eeea76cafc8570ed546a8c125. The vulnerability lies in the \u003ccode\u003eExecTool.execute\u003c/code\u003e function within the \u003ccode\u003e/src/tools/exec.ts\u003c/code\u003e file. An attacker can remotely exploit this vulnerability to execute arbitrary operating system commands on the target system. Public exploit code is available. The lack of versioning makes it difficult to determine specific affected releases. The project has been notified but remains unresponsive, indicating a potential lack of support or patching.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies a vulnerable instance of FoundDream miniclawd running a version prior to or including commit 2d65665046e2222eeea76cafc8570ed546a8c125.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious request targeting the \u003ccode\u003eExecTool.execute\u003c/code\u003e function.\u003c/li\u003e\n\u003cli\u003eThe crafted request injects OS commands into the parameters of the \u003ccode\u003eExecTool.execute\u003c/code\u003e function.\u003c/li\u003e\n\u003cli\u003eThe miniclawd application processes the request, passing the injected commands to the underlying operating system without proper sanitization.\u003c/li\u003e\n\u003cli\u003eThe operating system executes the attacker-controlled commands within the context of the miniclawd application.\u003c/li\u003e\n\u003cli\u003eThe attacker gains arbitrary code execution on the server.\u003c/li\u003e\n\u003cli\u003eThe attacker can then perform actions such as installing malware, exfiltrating sensitive data, or pivoting to other systems on the network.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-9452 allows an attacker to execute arbitrary OS commands on the affected system. This can lead to complete system compromise, data theft, and further malicious activities. Since the project is unresponsive and no fix is available, all deployments are at risk.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMonitor network traffic for suspicious requests targeting the \u003ccode\u003e/src/tools/exec.ts\u003c/code\u003e endpoint with shell metacharacters, using a webserver rule as described in the next section.\u003c/li\u003e\n\u003cli\u003eImplement input validation and sanitization on the \u003ccode\u003eExecTool.execute\u003c/code\u003e function in \u003ccode\u003eminiclawd\u003c/code\u003e to prevent command injection, if possible.\u003c/li\u003e\n\u003cli\u003eUntil a patch is available, consider implementing a reverse proxy with strict input filtering to mitigate the risk (see example webserver rule below).\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-26T14:11:44Z","date_published":"2026-05-26T14:11:44Z","id":"https://feed.craftedsignal.io/briefs/2026-05-cve-2026-9452-miniclawd-command-injection/","summary":"A command injection vulnerability exists in FoundDream miniclawd within the ExecTool.execute function in /src/tools/exec.ts, which can be triggered remotely, allowing attackers to execute arbitrary OS commands.","title":"CVE-2026-9452 FoundDream miniclawd Remote Command Injection","url":"https://feed.craftedsignal.io/briefs/2026-05-cve-2026-9452-miniclawd-command-injection/"}],"language":"en","title":"CraftedSignal Threat Feed — FoundDream","version":"https://jsonfeed.org/version/1.1"}