File Upload Vulnerability in JunoClaw AI Platform by Juno Network
CVE-2026-43989

8.5HIGH

Key Information:

Vendor

Dragonmonk111

Status
Junoclaw
Vendor
CVE Published:
12 May 2026

What is CVE-2026-43989?

The JunoClaw AI platform features a serious file upload weakness associated with its upload_wasm MCP tool. This vulnerability allowed for the uploading of potentially harmful files without verifying the source, destination, symlink targets, file sizes, or formats. As a result, malicious users could exploit this flaw to execute unauthorized code or access sensitive information. The issue has been rectified in versions 0.x.y-security-1, urging all users to upgrade promptly to ensure enhanced security.

Affected Version(s)

junoclaw < v0.x.y-security-1

References

https://github.com/Dragonmonk111/junoclaw/security/adviso...
x_refsource_CONFIRM
https://github.com/Dragonmonk111/junoclaw/commit/a7886cd
x_refsource_MISC
https://github.com/Dragonmonk111/junoclaw/releases/tag/v0...
x_refsource_MISC

CVSS V3.1

Score:
8.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.