{"data":{"id":"7b050b53-e6b4-42f2-93a4-b97a18d2149b","title":"CVE-2026-43990: JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, plugin-shell's run_command wrapped ","summary":"JunoClaw, an agentic AI platform (a system where AI agents can perform tasks autonomously) built on Juno Network, had a vulnerability in its plugin-shell component where commands supplied by agents were wrapped in shell interpreters without proper sanitization. This allowed shell metacharacters (special characters like pipes or semicolons that have meaning to the shell) in agent-supplied arguments to be interpreted as actual commands rather than plain text, potentially letting attackers run unintended commands. The vulnerability was fixed in version 0.x.y-security-1.","solution":"Update JunoClaw to version 0.x.y-security-1 or later, where this vulnerability is fixed.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-43990","publishedAt":"2026-05-12T17:16:20.953Z","cveId":"CVE-2026-43990","cweIds":["CWE-77","CWE-78"],"cvssScore":"8.4","cvssSeverity":"high","severity":"high","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["JunoClaw"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"local","attackComplexity":"low","privilegesRequired":"none","userInteraction":"none","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-05-12T17:16:20.953Z","capecIds":["CAPEC-88"],"crossRefCount":0,"attackSophistication":"trivial","impactType":["integrity","availability"],"aiComponentTargeted":"agent","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}