CVE-2026-16126
Received Received - Intake

Incorrect Authorization in Zevorn RT-Claw via Swarm RPC Receiver

Vulnerability report for CVE-2026-16126, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-18

Last updated on: 2026-07-18

Assigner: VulDB

Description

A vulnerability was determined in zevorn rt-claw up to 0.2.0. The impacted element is the function handle_rpc_request of the file claw/services/swarm/swarm.c of the component Swarm RPC Receiver. This manipulation causes incorrect authorization. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-18
Last Modified
2026-07-18
Generated
2026-07-18
AI Q&A
2026-07-18
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
zevorn rt-claw From 0.2.1 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-863 The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.
CWE-285 The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-16126 is an authorization bypass vulnerability in the rt-claw software's swarm RPC mechanism. It allows unauthenticated remote attackers to invoke tools marked as local-only, such as save_memory, list_memories, and delete_memory, by exploiting a missing enforcement check in the receiver path of handle_rpc_request() in claw/services/swarm/swarm.c. This bypasses intended restrictions and enables remote manipulation of long-term memory entries.

Detection Guidance

Check if rt-claw is running on your system and verify the version. Inspect network traffic on UDP port 5300 for unexpected RPC calls. Look for unauthorized invocations of tools like save_memory, list_memories, or delete_memory in logs.

Impact Analysis

This vulnerability allows attackers to remotely save, list, and delete long-term memory entries on affected systems. This could lead to unauthorized persistence of attacker-controlled data, influencing the AI's future behavior or context. Exploitation requires network access to the swarm service on port 5300 but no authentication.

Compliance Impact

This vulnerability could violate compliance with GDPR and HIPAA due to unauthorized remote access to memory tools that persist data. Attackers can manipulate long-term memory entries, potentially exposing or altering sensitive user data stored in AI contexts. GDPR requires protecting personal data integrity and access controls, while HIPAA mandates safeguarding protected health information. The unauthorized persistence of attacker-controlled data may lead to unauthorized data processing or disclosure, violating these regulations.

Mitigation Strategies

Disable the swarm RPC service if not needed. Update to a patched version once available. Restrict network access to port 5300 via firewall rules. Monitor logs for suspicious activity related to memory tools.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-16126. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart