CVE-2026-16127
Received Received - Intake

Server-Side Request Forgery in zevorn rt-claw

Vulnerability report for CVE-2026-16127, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-18

Last updated on: 2026-07-18

Assigner: VulDB

Description

A vulnerability was identified in zevorn rt-claw up to 0.2.0. This affects the function claw_net_get/claw_net_post of the file claw/tools/tool_net.c of the component http_request. Such manipulation of the argument url leads to server-side request forgery. The attack may be performed from remote. The exploit is publicly available and might be used. The project was informed of the problem early through an issue report but has not responded yet.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-18
Last Modified
2026-07-18
Generated
2026-07-18
AI Q&A
2026-07-18
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
zevorn rt-claw to 0.2.0 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-918 The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-16127 is a Server-Side Request Forgery (SSRF) vulnerability in the zevorn rt-claw tool up to version 0.2.0. The issue occurs in the http_request component where user-supplied URLs are passed to claw_net_get or claw_net_post without proper validation. This allows attackers to manipulate the URL parameter to access internal or private network resources, including loopback addresses like 127.0.0.1.

Detection Guidance

Check if rt-claw versions up to 0.2.0 are installed. Monitor network traffic for unexpected outbound requests to loopback or private IPs from the rt-claw process. Inspect logs for claw_net_get or claw_net_post function calls with user-supplied URLs.

Impact Analysis

This vulnerability allows attackers to access sensitive data from internal HTTP services on your device or network. They could retrieve secrets, perform port scans, or interact with internal systems by sending crafted messages through supported channels like Telegram or Feishu integrations. The exploit is publicly available and can be executed remotely.

Compliance Impact

This SSRF vulnerability could lead to unauthorized access to sensitive data, violating GDPR's data protection principles and HIPAA's security requirements for protected health information. Unauthorized data exposure may result in non-compliance, legal penalties, and reputational damage due to insufficient network access controls.

Mitigation Strategies

Upgrade rt-claw to a patched version if available. Implement SSRF protections like allowlisting or blocklisting for URLs. Restrict network access for the rt-claw process to prevent outbound connections to sensitive endpoints.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-16127. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart