Cyber Posture

CVE-2026-43990

High

Published: 12 May 2026

Published
12 May 2026
Modified
12 May 2026
KEV Added
Patch
CVSS Score 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score N/A
Risk Priority 17 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-43990 is a high-severity Command Injection (CWE-77) vulnerability. Its CVSS base score is 8.4 (High).

Operationally, it is not currently listed in the CISA KEV catalog.

This vulnerability is AI-related — categorised as Other AI Platforms.

Threat & Defense Details

Likely Mitigating ControlsAI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

SC-27 Platform-independent Applications
addresses: CWE-78

Platform-independent apps typically execute inside a managed runtime or sandbox that restricts direct OS command execution, reducing the ability to exploit OS command injection.

SI-10 Information Input Validation
addresses: CWE-78

Validates inputs to block special elements that would alter OS command execution.

NVD Description

JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, plugin-shell's run_command wrapped every agent-supplied command in 'sh -c' / 'cmd /C' and passed the full argument string to the shell's parser, allowing shell metacharacters in agent-supplied…

more

arguments to be interpreted as command syntax. This vulnerability is fixed in 0.x.y-security-1.

Deeper analysisAI

Automated synthesis unavailable for this CVE.

Details

CWE(s)
CWE-77CWE-78

AI Security AnalysisAI

AI Category
Other AI Platforms
Risk Domain
N/A
OWASP Top 10 for LLMs 2025
None mapped
Classification Reason
Matched keywords: ai

References