Description
JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, substring-based blocklist in plugin-shell's command-safety check could be bypassed by adversarial argument constructions, allowing unauthorized command execution on the host when combined with the companion advisory. Pre-patch, the check was applied to the raw command string rather than the parsed first token. This vulnerability is fixed in 0.x.y-security-1.
Published: 2026-05-12
Score: 8.4 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

JunoClaw's plugin-shell component guards command execution with a substring-based blocklist intended to reject dangerous shell commands. Before 0.x.y-security-1 that check ran against the raw command string rather than the parsed first token, so an attacker who can shape the command string passed to plugin-shell can construct arguments that contain no blocklisted substring yet parse to a blocked command, and the host executes it. Per the CVE description this yields unauthorized command execution on the host when combined with the companion advisory. The CVSS vector records a local attack vector (AV:L) with no privileges or user interaction required, so this is host command execution reached through the plugin-shell interface, not a standalone remote code execution bug.
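The raw-string-versus-parsed-token distinction is easiest to see in code. The following is an added example, not JunoClaw's plugin-shell code: the blocklist entries, the allowlist and the bypass strings are constructed for illustration and are not the specific "adversarial argument constructions" the advisory refers to. It shows the pre-patch pattern (substring match over the raw string) next to a hardened check that tokenises with shlex, allowlists the parsed first token, rejects shell metacharacters, and executes argv without a shell.

```python
import shlex
import subprocess
from typing import List, Optional

# Constructed blocklist entries, assumed for illustration; the real plugin-shell
# list is not published on the advisory page.
BLOCKED_SUBSTRINGS = ("rm ", "rm\t", "mkfs", "dd ", "shutdown", "reboot", "curl ", "wget ")


def vulnerable_is_safe(command: str) -> bool:
    """Pre-patch pattern: substring blocklist applied to the RAW command string.

    Quoting and escaping that the shell (or shlex) strips before execution are
    invisible here, so the same program can be spelled so that the raw text
    contains none of the blocked substrings (CWE-184).
    """
    lowered = command.lower()
    return not any(needle in lowered for needle in BLOCKED_SUBSTRINGS)


def parse_command(command: str) -> List[str]:
    """POSIX-style tokenisation; unbalanced quotes yield an empty argv."""
    try:
        return shlex.split(command)
    except ValueError:
        return []


# Constructed allowlist of bare program names, assumed for illustration.
ALLOWED_COMMANDS = frozenset({"ls", "cat", "echo", "grep", "head", "tail", "wc"})
# Characters that would chain, substitute, redirect or glob if any caller ever
# handed argv back to a shell. Rejected even though run_checked uses shell=False.
SHELL_META = frozenset(";&|<>`$(){}*?~\n")


def hardened_is_safe(command: str) -> bool:
    """Post-patch pattern: decide on the PARSED first token, and allowlist it.

    argv[0] must be a bare allowlisted name (no /bin/... path forms), and no
    token may carry shell syntax, so a first-token check cannot be undercut by
    `echo x; rm -rf /` or `cat $(...)` even if a later caller used a shell.
    """
    argv = parse_command(command)
    if not argv:
        return False
    if argv[0] not in ALLOWED_COMMANDS:
        return False
    return not any(ch in SHELL_META for tok in argv for ch in tok)


def run_checked(command: str, timeout: float = 10.0) -> Optional[subprocess.CompletedProcess]:
    """Execute only commands that pass the hardened check, never through a shell."""
    if not hardened_is_safe(command):
        return None
    return subprocess.run(parse_command(command), shell=False,
                          capture_output=True, text=True, timeout=timeout)


# Constructed inputs: the first two spell `rm -rf` without ever containing "rm ".
BYPASS_ATTEMPTS = ["r'm' -rf /tmp/victim", r"r\m -rf /tmp/victim", "rm -rf /tmp/victim"]

if __name__ == "__main__":
    for cmd in BYPASS_ATTEMPTS:
        print(f"{cmd!r:28} raw-substring check passes: {vulnerable_is_safe(cmd)}  "
              f"argv: {parse_command(cmd)}  hardened check passes: {hardened_is_safe(cmd)}")
```

Running the block shows the quoted and backslash-escaped spellings slipping past the raw-string check while tokenising to exactly `['rm', '-rf', '/tmp/victim']`, which the parsed-token allowlist rejects. The metacharacter rejection is deliberately conservative: with `shell=False` those characters would be passed literally, but blocking them means the check stays correct if someone later wires the same argv into a shell.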

Affected Systems

The vulnerability affects Dragonmonk111:junoclaw versions prior to 0.x.y-security-1. Any earlier release that ships the plugin-shell component is affected; update to 0.x.y-security-1.

Risk and Exploitability

The CVSS 3.1 base score of 8.4 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) records a local attack vector with low complexity, no privileges and no user interaction required, and high impact on confidentiality, integrity and availability. The vulnerability is not listed in CISA KEV and no EPSS score has been assigned yet. A substring blocklist is cheap to bypass once an attacker can shape the command string, but the description states that host command execution results when this bug is combined with the companion advisory, so exploitation is a chain rather than a single step. The exposed surface is the plugin-shell interface, reachable by whichever users or automated agents are allowed to invoke the plugin; any of them can pass a crafted argument. Upgrading to 0.x.y-security-1 addresses the issue.

Generated by OpenCVE AI on May 12, 2026 at 17:38 UTC.

Remediation

The CVE description states that the issue is fixed in 0.x.y-security-1; no separate vendor advisory or workaround is linked on this page.

OpenCVE Recommended Actions

  • Apply the vendor‑supplied patch to upgrade to 0.x.y-security-1.
  • If an immediate upgrade is not possible, restrict or disable the plugin‑shell feature until the patch can be applied.
  • Enforce least‑privilege for any accounts that can invoke plugin‑shell and monitor logs for unexpected command execution.


Advisories

No advisories yet.

History

Tue, 12 May 2026 16:45:00 +0000

Type / Values removed / Values added (values removed: none for every field; values added listed below)

Description: JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, substring-based blocklist in plugin-shell's command-safety check could be bypassed by adversarial argument constructions, allowing unauthorized command execution on the host when combined with the companion advisory. Pre-patch, the check was applied to the raw command string rather than the parsed first token. This vulnerability is fixed in 0.x.y-security-1.
Title: JunoClaw: plugin-shell shell-injection bypass via substring blocklist
Weaknesses: CWE-184 (Incomplete List of Disallowed Inputs), CWE-78 (Improper Neutralization of Special Elements used in an OS Command)
References: none recorded
Metrics: cvssV3_1, score 8.4, vector CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-05-12T16:19:54.198Z

Reserved: 2026-05-04T20:24:31.917Z

Link: CVE-2026-43991

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-05-12T17:16:21.090

Modified: 2026-05-12T17:16:21.090

Link: CVE-2026-43991

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-12T17:45:20Z

Weaknesses