Command Injection Vulnerability in JunoClaw by Dragonmonk
CVE-2026-43991

8.4HIGH

Key Information:

Vendor: Dragonmonk111
Status: Junoclaw
Vendor: CVE Published:; 12 May 2026

🔔 Create Dragonmonk111 Vulnerability Alert

What is CVE-2026-43991?

The vulnerability in JunoClaw, developed by Dragonmonk, involves a command injection flaw within the plugin-shell's command-safety check. This issue arises from the inappropriate handling of raw command strings, which enables adversaries to construct arguments that bypass the intended security measures for executing commands on the host system. This flaw can lead to unauthorized command execution when paired with the relevant security advisory. The vulnerability has been resolved in version 0.x.y-security-1, effectively reinforcing the platform's defenses against such attacks.

Affected Version(s)

junoclaw < v0.x.y-security-1

References

https://github.com/Dragonmonk111/junoclaw/security/adviso...

x_refsource_CONFIRM

https://github.com/Dragonmonk111/junoclaw/commit/2bc54f6

x_refsource_MISC

CVSS V3.1

Score:

8.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 12, 2026
Vulnerability Reserved
May 4, 2026

CVE-2026-43991 Data

JSON