CVE-2026-43989: JunoClaw Agentic AI Exposes Filesystem to Agents

The National Vulnerability Database has disclosed CVE-2026-43989, a high-severity vulnerability affecting JunoClaw, an agentic AI platform built on Juno Network. Prior to version 0.x.y-security-1, the upload_wasm MCP tool in JunoClaw accepted a filesystem path directly from an agent. Crucially, there was no validation of the path’s location, symlink targets, file size, or file format.

This flaw allows an agent to upload arbitrary bytes from the underlying filesystem, effectively turning a legitimate function into a powerful exfiltration or compromise vector. The CVSS score of 8.5 (HIGH) reflects a significant impact on confidentiality and integrity and a lesser impact on availability, because a user-initiated action can lead to system compromise. It’s a classic case of inadequate input validation (CWE-20, CWE-73) compounded by path traversal (CWE-22) and symlink following (CWE-59) issues.

Defenders must recognize the implications here: an attacker who gains control of an agent within JunoClaw could leverage this to extract sensitive configuration files, source code, or even inject malicious WebAssembly modules. The fix, available in version 0.x.y-security-1, is critical for any organization utilizing JunoClaw. Patching immediately is the only viable defense against this direct path to system compromise.
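The four checks the advisory lists as missing (location, symlink target, file size, file format) can be sketched as follows. This is an added example, not JunoClaw's code or its actual fix; the function names, the allowed root directory, the size cap and the sample files are assumptions made for illustration.

```python
import os
import stat
import tempfile

WASM_HEADER = b"\x00asm\x01\x00\x00\x00"  # magic bytes + binary format version 1

class UploadRejected(ValueError):
    """An agent-supplied path failed one of the checks (hypothetical name)."""

def read_wasm_for_upload(agent_path, allowed_root, max_bytes=1 << 20):
    root = os.path.realpath(allowed_root)
    candidate = os.path.abspath(os.path.join(root, agent_path))
    # Location: the normalised path must stay under the allowed root.
    if os.path.commonpath([root, candidate]) != root:
        raise UploadRejected("location")
    # Symlink target: a link in any path component makes realpath differ.
    if os.path.realpath(candidate) != candidate:
        raise UploadRejected("symlink")
    # O_NOFOLLOW also refuses a link swapped in after the check above.
    fd = os.open(candidate, os.O_RDONLY | getattr(os, "O_NOFOLLOW", 0))
    try:
        if not stat.S_ISREG(os.fstat(fd).st_mode):
            raise UploadRejected("not a regular file")
        with os.fdopen(os.dup(fd), "rb") as fh:
            data = fh.read(max_bytes + 1)  # size: never read past the cap
    finally:
        os.close(fd)
    if len(data) > max_bytes:
        raise UploadRejected("size")
    if not data.startswith(WASM_HEADER):  # format: must look like a wasm binary
        raise UploadRejected("format")
    return data

def demo(max_bytes=32):
    results = {}
    with tempfile.TemporaryDirectory() as tmp:  # constructed sample files
        root, secret = os.path.join(tmp, "artifacts"), os.path.join(tmp, "secret.env")
        os.mkdir(root)
        for path, body in ((secret, b"TOKEN=constructed"), ("ok.wasm", WASM_HEADER),
                           ("notes.txt", b"plain text"), ("big.wasm", WASM_HEADER + bytes(64))):
            with open(os.path.join(root, path), "wb") as fh:
                fh.write(body)
        os.symlink(secret, os.path.join(root, "link.wasm"))
        cases = {"valid": "ok.wasm", "traversal": "../secret.env", "absolute": secret,
                 "symlink": "link.wasm", "format": "notes.txt", "size": "big.wasm"}
        for label, arg in cases.items():
            try:
                results[label] = len(read_wasm_for_upload(arg, root, max_bytes))
            except UploadRejected as exc:
                results[label] = str(exc)
    return results
```

Calling `demo()` returns one entry per case: the byte count for the accepted file and the name of the failed check for each rejected path.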

What This Means For You

  • If your organization uses JunoClaw, you need to immediately verify your version. Prior to 0.x.y-security-1, your agents could be exploited to exfiltrate arbitrary files from the host filesystem or introduce malicious code. Patch to the fixed version without delay.

🛡️ Detection Rules

CVE-2026-43989: JunoClaw upload_wasm tool arbitrary file read

title: CVE-2026-43989: JunoClaw upload_wasm tool arbitrary file read
id: scw-2026-05-12-ai-1
status: experimental
level: high
description: |
  Detects the use of the JunoClaw upload_wasm tool with a file path argument, indicating a potential attempt to exploit CVE-2026-43989 by reading arbitrary files from the filesystem.
author: SCW Feed Engine (AI-generated)
date: 2026-05-12
references:
  - https://shimiscyberworld.com/posts/nvd-CVE-2026-43989/
tags:
  - attack.initial_access
  - attack.t1190
logsource:
  category: process_creation
detection:
  selection:
    Image|endswith:
      - 'upload_wasm'
    CommandLine|contains:
      - '--file-path='
  condition: selection
falsepositives:
  - Legitimate administrative activity


Indicators of Compromise

ID              Type               Indicator
CVE-2026-43989  Path Traversal     JunoClaw agentic AI platform prior to version 0.x.y-security-1
CVE-2026-43989  Code Injection     JunoClaw upload_wasm MCP tool
CVE-2026-43989  Misconfiguration   JunoClaw upload_wasm MCP tool lacks validation for location, symlink target, file size, or file format

Source & Attribution

Source Platform: NVD
Channel: National Vulnerability Database
Published: May 12, 2026 at 20:16 UTC

This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
