{"data":{"id":"2fcbbdcd-c142-4162-ad55-d49ad8ddf899","title":"CVE-2026-43989: JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, the upload_wasm MCP tool accepted a","summary":"JunoClaw, an agentic AI platform (a system where AI makes decisions and takes actions) built on Juno Network, had a vulnerability in its upload_wasm MCP tool (a component that lets the AI upload compiled code). The tool accepted file paths from the AI without checking if the path was valid, if it pointed to unintended locations through shortcuts, or if the file was the right type, allowing it to upload any file on the system. This was fixed in version 0.x.y-security-1.","solution":"Update to version 0.x.y-security-1, which contains the fix for this vulnerability.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-43989","publishedAt":"2026-05-12T17:16:20.800Z","cveId":"CVE-2026-43989","cweIds":["CWE-20","CWE-22","CWE-59","CWE-73"],"cvssScore":"8.5","cvssSeverity":"high","severity":"high","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["JunoClaw","Juno Network"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L","attackVector":"local","attackComplexity":"low","privilegesRequired":"none","userInteraction":"required","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-05-12T17:16:20.800Z","capecIds":["CAPEC-126"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":"agent","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}