{"data":{"id":"11bbbe21-16da-4f46-bf1e-2b650ec3e567","title":"CVE-2026-43992: JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, every MCP write tool (send_tokens, ","summary":"CVE-2026-43992 is a vulnerability in JunoClaw, an agentic AI platform (a system where AI makes decisions and takes actions) built on Juno Network. Before version 0.x.y-security-1, the platform's MCP write tools (functions that send tokens or execute contracts) required users to provide a BIP-39 seed (a cryptographic key used to generate wallet credentials) as a plain text parameter, which exposed this sensitive information to logs, telemetry, and other systems between the AI provider and the MCP process.","solution":"This vulnerability is fixed in version 0.x.y-security-1. Users should upgrade to this version.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-43992","publishedAt":"2026-05-12T17:16:21.240Z","cveId":"CVE-2026-43992","cweIds":["CWE-200","CWE-312","CWE-522","CWE-532"],"cvssScore":"9.8","cvssSeverity":"critical","severity":"critical","attackType":["pii_leakage","data_extraction"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["JunoClaw","Juno Network"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"network","attackComplexity":"low","privilegesRequired":"none","userInteraction":"none","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-05-12T17:16:21.240Z","capecIds":["CAPEC-116","CAPEC-215"],"crossRefCount":0,"attackSophistication":"trivial","impactType":["confidentiality"],"aiComponentTargeted":"agent","llmSpecific":true,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}