Description
JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, the upload_wasm MCP tool accepted a filesystem path from the agent and uploaded whatever bytes the path resolved to, with no validation of location, symlink target, file size, or file format. This vulnerability is fixed in 0.x.y-security-1.
Published: 2026-05-12
Score: 8.5 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The JunoClaw agentic AI platform’s upload_wasm service accepted a filesystem path supplied by an agent without validating the location, symlink target, size, or format of the file. This allowed the agent to instruct the system to upload the contents of any file that the agent could access, effectively exposing arbitrary files and enabling the upload of malicious WebAssembly binaries. The flaw is a classic path-traversal and input-validation issue, corresponding to CWE-20, CWE-22, CWE-59 and CWE-73. The primary impact is that an attacker with control over the agent can read, upload, or replace arbitrary files on the host, potentially leading to privilege escalation or remote code execution if malicious wasm is served.
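As an added illustration of the four checks the description says were missing (location, symlink target, file size, file format), the following Python is example code written for this page, not JunoClaw's own fix. The allowed root, the size cap, the helper names and the demo directory layout are all assumptions.

```python
import tempfile
from pathlib import Path

MAX_WASM_BYTES = 4 * 1024 * 1024  # constructed limit; JunoClaw's real value is not on the page
WASM_HEADER = b"\x00asm\x01\x00\x00\x00"  # wasm magic "\0asm" followed by version 1

class UploadRejected(ValueError):
    pass

def validate_wasm_path(user_path: str, root: str, max_bytes: int = MAX_WASM_BYTES) -> Path:
    """Return the resolved path if it passes all four checks, else raise UploadRejected."""
    root_real = Path(root).resolve()
    candidate = Path(user_path)
    # Symlink target (CWE-59): refuse a symlink as the final component outright.
    if candidate.is_symlink():
        raise UploadRejected("symlink not allowed")
    try:
        real = candidate.resolve(strict=True)
    except OSError:
        raise UploadRejected("path does not exist") from None
    # Location (CWE-22/CWE-73): even with symlinked parents resolved, stay inside root.
    if root_real not in real.parents:
        raise UploadRejected("path escapes allowed directory")
    if not real.is_file():
        raise UploadRejected("not a regular file")
    size = real.stat().st_size  # File size: bound the read before touching any bytes.
    if size < len(WASM_HEADER) or size > max_bytes:
        raise UploadRejected(f"size {size} outside {len(WASM_HEADER)}..{max_bytes} bytes")
    with real.open("rb") as fh:  # File format: magic number plus version 1.
        if fh.read(len(WASM_HEADER)) != WASM_HEADER:
            raise UploadRejected("not a WebAssembly v1 module")
    return real

def rejection_reason(user_path: str, root: str, max_bytes: int = MAX_WASM_BYTES):
    try:
        validate_wasm_path(user_path, root, max_bytes)
    except UploadRejected as exc:
        return str(exc)
    return None

def build_demo_tree() -> dict:
    """Constructed layout: a good module, a non-wasm file, a symlink to a file outside root."""
    root = Path(tempfile.mkdtemp(prefix="wasm-demo-")) / "wasm"
    root.mkdir()
    (root / "good.wasm").write_bytes(WASM_HEADER + b"\x00" * 8)
    (root / "text.wasm").write_bytes(b"not a wasm module")
    secret = root.parent / "secret.key"
    secret.write_bytes(WASM_HEADER + b"\x00" * 8)  # valid format, forbidden location
    (root / "link.wasm").symlink_to(secret)
    return {"root": str(root), "secret": str(secret)}
```

Open the returned path once and upload the bytes read from that handle; validating and then re-opening by name is still a check-then-use window, so keep it as short as possible.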

Affected Systems

All releases of the Dragonmonk111 JunoClaw platform prior to the 0.x.y-security-1 update are affected. No specific sub-versions are listed as affected, but any build that has not been updated to this security patch is vulnerable.

Risk and Exploitability

The CVSS score of 8.5 indicates high severity. The EPSS score is not available, so the current probability of exploitation is unknown, but the vulnerability is likely exploitable over the network by malicious agents. It is not listed in the CISA KEV catalog. An attacker would need control of an agent to supply a malicious file path; once supplied, the system would blindly upload that data, allowing the attacker to exfiltrate or inject files.

Generated by OpenCVE AI on May 12, 2026 at 17:37 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the JunoClaw platform to the 0.x.y-security-1 release or later, which validates file paths in the upload_wasm service.
  • After upgrading, test the upload_wasm functionality with both benign and restricted paths to confirm that path validation now prevents arbitrary file access.
  • If an immediate upgrade is not possible, configure the network or runtime environment to restrict the agent’s ability to supply arbitrary local paths, such as by applying directory isolation or dropping read permissions for sensitive files.


Tracking


Advisories

No advisories yet.

History

Tue, 12 May 2026 16:45:00 +0000

Type          Values Removed   Values Added
Description                    JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, the upload_wasm MCP tool accepted a filesystem path from the agent and uploaded whatever bytes the path resolved to, with no validation of location, symlink target, file size, or file format. This vulnerability is fixed in 0.x.y-security-1.
Title                          JunoClaw: upload_wasm accepted arbitrary filesystem paths without validation
Weaknesses                     CWE-20, CWE-22, CWE-59, CWE-73
References
Metrics                        cvssV3_1 {'score': 8.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L'}

Subscriptions

No data.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-05-12T16:21:29.084Z

Reserved: 2026-05-04T20:24:31.917Z

Link: CVE-2026-43989

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-05-12T17:16:20.800

Modified: 2026-05-12T17:16:20.800

Link: CVE-2026-43989

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-12T17:45:20Z

Weaknesses