{"data":{"id":"65d4eaae-2bfd-424b-ad26-7879ceccce18","title":"CVE-2026-43991: JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, substring-based blocklist in plugin","summary":"JunoClaw is an agentic AI platform (a system where AI makes decisions and takes actions automatically) built on Juno Network. Prior to version 0.x.y-security-1, the command-safety check in its plugin-shell had a security flaw: attackers could bypass the substring-based blocklist (a filter that blocks certain text patterns) with specially crafted command arguments, which could lead to unauthorized command execution on the host system. The flaw occurred because the safety check matched against the raw command string instead of only the first parsed token (the command actually being invoked).","solution":"Update to version 0.x.y-security-1 or later, which fixes the vulnerability.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-43991","publishedAt":"2026-05-12T17:16:21.090Z","cveId":"CVE-2026-43991","cweIds":["CWE-78","CWE-184"],"cvssScore":"8.4","cvssSeverity":"high","severity":"high","attackType":["jailbreak"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["JunoClaw"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"local","attackComplexity":"low","privilegesRequired":"none","userInteraction":"none","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-05-12T17:16:21.090Z","capecIds":["CAPEC-88"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","availability"],"aiComponentTargeted":"agent","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}