Description
JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, every MCP write tool (send_tokens, execute_contract, instantiate_contract, upload_wasm, ibc_transfer, etc.) accepted 'mnemonic: string' as an explicit tool-call parameter. The BIP-39 seed was consequently embedded in the LLM tool-call JSON, exposing it to any transport, log, or telemetry surface in the path between the LLM provider and the MCP process. This vulnerability is fixed in 0.x.y-security-1.
Published: 2026-05-12
Score: 9.8 Critical
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability allows an attacker to retrieve the full BIP-39 seed phrase used to generate wallet key material because the seed is passed as a plain-text parameter named 'mnemonic' in the JSON used by the MCP write tools. This data is included in the tool-call payload and therefore may appear in any transport channel, logging system, or telemetry stream that backs the LLM provider and the MCP process, leading to disclosure of private keys and potential loss of funds. The flaw corresponds to information exposure weaknesses such as improper handling of sensitive data (CWE-200), insecure transmission of credential material (CWE-312), inadequate protection of secrets (CWE-522), and log disclosure of secrets (CWE-532).

Affected Systems

The affected vendor is Dragonmonk111, product JunoClaw, an agentic AI platform built on Juno Network. All releases before 0.x.y-security-1 are vulnerable, as they accepted 'mnemonic' as an explicit parameter in every MCP write tool.

Risk and Exploitability

The CVSS score is 9.8, indicating a critical impact. While a definitive EPSS score is unavailable, the vulnerability is likely to be exploitable because the mnemonic travels in clear text and may be captured by any component that records or forwards the tool-call JSON. The vulnerability is not listed in CISA KEV. It is presumed that an attacker with access to the LLM provider side or the MCP transport layer could read the seed. No additional requirement such as privileged access is stated, so the risk is high for users running unpatched versions.

Generated by OpenCVE AI on May 12, 2026 at 17:36 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the 0.x.y-security-1 update or newer to JunoClaw to remove the explicit mnemonic tool-call parameter.
  • If an immediate patch is unavailable, stop passing the mnemonic value in tool-call parameters and instead supply secrets from a secure vault or environment variable outside the JSON payload.
  • Review all logging, telemetry, and transport mechanisms used by the LLM provider and the MCP process to ensure the seed is never recorded or exposed; enable redaction or delete sensitive fields from logs.
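The three actions above amount to one design rule: secret material is resolved inside the signing process, never requested through the tool schema, and anything that still reaches a log is redacted. The following Python is an added illustration, not code from JunoClaw or OpenCVE: it places a tool schema shaped like the pre-fix pattern (a `mnemonic` parameter) beside a hardened one, shows a handler that refuses secret arguments and reads the seed from the process environment (the variable name `JUNOCLAW_MNEMONIC`, the tool names and the sample address are hypothetical), and adds a recursive redactor for tool-call JSON that scrubs both secret-named keys and strings with the 12-to-24-word shape of a BIP-39 phrase.

```python
"""Tool-call secret handling: vulnerable schema, hardened handler, log redaction (constructed example)."""
import json
import re
from typing import Any, Callable, Mapping

# Argument names that must never be accepted from the model side of a tool call.
SECRET_FIELDS = frozenset({"mnemonic", "private_key", "seed"})

# Pre-fix pattern the advisory describes: the seed is an ordinary tool parameter,
# so it is serialised into every tool-call JSON the LLM provider and transport see.
VULNERABLE_SEND_TOKENS = {
    "name": "send_tokens",
    "inputSchema": {
        "type": "object",
        "properties": {
            "to": {"type": "string"},
            "amount": {"type": "string"},
            "mnemonic": {"type": "string"},  # BIP-39 seed rides in the payload
        },
        "required": ["to", "amount", "mnemonic"],
    },
}

# Hardened schema: no secret field exists, so the model can neither be asked for one
# nor echo it back; the MCP process owns the signer.
HARDENED_SEND_TOKENS = {
    "name": "send_tokens",
    "inputSchema": {
        "type": "object",
        "properties": {"to": {"type": "string"}, "amount": {"type": "string"}},
        "required": ["to", "amount"],
    },
}


def schema_secret_fields(tool: Mapping[str, Any]) -> list[str]:
    """Lint check for a tool catalogue: list any secret-named parameters a schema exposes."""
    props = tool.get("inputSchema", {}).get("properties", {})
    return sorted(SECRET_FIELDS & props.keys())


def load_signer_mnemonic(env: Mapping[str, str], var: str = "JUNOCLAW_MNEMONIC") -> str:
    """Resolve the seed from the process environment (variable name is hypothetical).
    A vault client call would sit here instead; either way the value never enters the tool-call JSON."""
    value = env.get(var, "").strip()
    if not value:
        raise RuntimeError(f"{var} is not set; refusing to sign")
    return value


def handle_send_tokens(arguments: Mapping[str, Any],
                       sign: Callable[[str, Mapping[str, Any]], str],
                       env: Mapping[str, str]) -> str:
    """Hardened write-tool handler: reject secret material in arguments, sign with the process-held seed."""
    leaked = SECRET_FIELDS & arguments.keys()
    if leaked:
        raise ValueError(f"secret material must not be a tool argument: {sorted(leaked)}")
    return sign(load_signer_mnemonic(env), arguments)


# 12 to 24 lowercase words: the shape of a BIP-39 phrase, so a seed smuggled under
# another key name (memo, note, ...) is still caught before it reaches a log sink.
_PHRASE_SHAPE = re.compile(r"^[a-z]+(?:\s+[a-z]+){11,23}$")


def redact_tool_call(payload: Any) -> Any:
    """Defence in depth for logs and telemetry: scrub secret keys and phrase-shaped strings recursively."""
    if isinstance(payload, dict):
        return {k: "[REDACTED]" if k in SECRET_FIELDS else redact_tool_call(v)
                for k, v in payload.items()}
    if isinstance(payload, list):
        return [redact_tool_call(v) for v in payload]
    if isinstance(payload, str) and _PHRASE_SHAPE.match(payload.strip()):
        return "[REDACTED]"
    return payload


def safe_log_line(payload: Mapping[str, Any]) -> str:
    """Serialise a tool call for a log sink only after redaction."""
    return json.dumps(redact_tool_call(payload), sort_keys=True)


if __name__ == "__main__":
    # Constructed sample: a tool call shaped like the vulnerable pre-fix pattern.
    call = {"name": "send_tokens",
            "arguments": {"to": "juno1exampleaddress", "amount": "1000ujuno",
                          "mnemonic": "abandon " * 11 + "about"}}
    print("secret fields in schema:", schema_secret_fields(VULNERABLE_SEND_TOKENS))
    print("log line:", safe_log_line(call))
```

The schema lint is the cheapest of the three checks to wire into CI: any tool whose `inputSchema` exposes a secret-named property fails the build, which is exactly the regression this advisory describes. The redactor is a backstop, not a substitute for removing the parameter; a seed that never enters the payload needs no redaction.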



Advisories

No advisories yet.

History

Tue, 12 May 2026 16:45:00 +0000

Type        | Values Removed | Values Added
Description |                | JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, every MCP write tool (send_tokens, execute_contract, instantiate_contract, upload_wasm, ibc_transfer, etc.) accepted 'mnemonic: string' as an explicit tool-call parameter. The BIP-39 seed was consequently embedded in the LLM tool-call JSON, exposing it to any transport, log, or telemetry surface in the path between the LLM provider and the MCP process. This vulnerability is fixed in 0.x.y-security-1.
Title       |                | JunoClaw: MCP write tools exposed raw BIP-39 mnemonic as a tool-call parameter
Weaknesses  |                | CWE-200, CWE-312, CWE-522, CWE-532
References  |                |
Metrics     |                | cvssV3_1 {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


Subscriptions

No data.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-05-12T16:25:30.868Z

Reserved: 2026-05-04T20:24:31.917Z

Link: CVE-2026-43992

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-05-12T17:16:21.240

Modified: 2026-05-12T17:16:21.240

Link: CVE-2026-43992

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-12T17:45:20Z