CVE-2026-43992 - JunoClaw - Information Disclosure

Overview

JunoClaw < 0.x.y-security-1 contains an information disclosure vulnerability caused by embedding BIP-39 seed mnemonic in LLM tool-call JSON, letting attackers access sensitive seed data, exploit requires interception of transport or logs.

Severity & Score

Severity: Critical

CVSS Score: 9.8

EPSS Score: 0.0%(Probability of exploitation in next 30 days)

Impact

Attackers can access sensitive mnemonic seeds, potentially compromising wallet security and funds.

Mitigation

Update to version 0.x.y-security-1 or later.

References

Social Media Activity(4 posts)

TheHackerWire

@thehackerwire

May 12, 2026

🔴 CVE-2026-43992 - Critical (9.8) JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, every MCP write tool (send_tokens, execute_contract, instantiate_contract, upload_wasm, ibc_transfer, etc.) accepted 'mnemonic: string' as an explicit tool-call p... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-43992/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

TheHackerWire

@thehackerwire

May 12, 2026

🔴 CVE-2026-43992 - Critical (9.8) JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, every MCP write tool (send_tokens, execute_contract, instantiate_contract, upload_wasm, ibc_transfer, etc.) accepted 'mnemonic: string' as an explicit tool-call p... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-43992/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

TheHackerWire

@thehackerwire

May 12, 2026

🔴 CVE-2026-43992 - Critical (9.8) JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, every MCP write tool (send_tokens, execute_contract, instantiate_contract, upload_wasm, ibc_transfer, etc.) accepted 'mnemonic: string' as an explicit tool-call p... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-43992/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

TheHackerWire

@thehackerwire

May 12, 2026

🔴 CVE-2026-43992 - Critical (9.8) JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, every MCP write tool (send_tokens, execute_contract, instantiate_contract, upload_wasm, ibc_transfer, etc.) accepted 'mnemonic: string' as an explicit tool-call p... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-43992/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

CVE-2026-43992 - Vulnerability Analysis

Overview

Severity & Score

Impact

Mitigation

References

Social Media Activity(4 posts)

Related Resources

Details

CWE

CVSS Metrics

EPSS Score