PatchSiren

FoundDream CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM FoundDream CVE published 2026-05-25

CVE-2026-9452

A command injection vulnerability exists in FoundDream miniclawd, affecting the ExecTool.execute function in /src/tools/exec.ts. The vulnerability allows remote attackers to execute arbitrary operating system commands. The issue was reported to the project via a GitHub issue but remains unaddressed. The affected code is present in commits up to 2d65665046e2222eeea76cafc8570ed546a8c125. The project does not [truncated]