All 5 CVE vulnerabilities found in junoclaw, with AI-generated Chinese analysis, references, and POCs.
Vendor: Dragonmonk111
| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-43993 | JunoClaw: SSRF in WAVS computeDataVerify allows cloud-metadata and internal-service access | CWE-918 | 8.2 | High | 2026-05-12 |
| CVE-2026-43992 | JunoClaw: MCP write tools exposed raw BIP-39 mnemonic as a tool-call parameter | CWE-200 | 9.8 | Critical | 2026-05-12 |
| CVE-2026-43990 | JunoClaw: plugin-shell shell-metacharacter injection via shell wrapper | CWE-77 | 8.4 | High | 2026-05-12 |
| CVE-2026-43989 | JunoClaw: upload_wasm accepted arbitrary filesystem paths without validation | CWE-20 | 8.5 | High | 2026-05-12 |
| CVE-2026-43991 | JunoClaw: plugin-shell shell-injection bypass via substring blocklist | CWE-78 | 8.4 | High | 2026-05-12 |