CVE-2026-16128
Received Received - Intake

Server-Side Request Forgery in zevorn rt-claw

Vulnerability report for CVE-2026-16128, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-18

Last updated on: 2026-07-18

Assigner: VulDB

Description

A security flaw has been discovered in zevorn rt-claw up to 0.2.0. This impacts the function receiver_thread of the file claw/services/swarm/swarm.c of the component http_request. Performing a manipulation results in server-side request forgery. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-18
Last Modified
2026-07-18
Generated
2026-07-18
AI Q&A
2026-07-18
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
zevorn rt-claw to 0.2.0 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-918 The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-16128 is a Server-Side Request Forgery (SSRF) vulnerability in the rt-claw software affecting versions 0.2.0 and earlier. The flaw allows attackers to send unauthenticated UDP requests to the swarm RPC service, which then invokes the http_request tool with attacker-controlled JSON parameters. On Linux builds, the tool forwards these URLs directly to libcurl without validation, enabling the device to fetch internal or loopback HTTP endpoints and return responses via the RPC channel.

Detection Guidance

To detect this SSRF vulnerability in zevorn rt-claw, monitor network traffic for unauthorized outbound requests from the application, especially to internal or loopback addresses (e.g., 127.0.0.1, ::1). Check logs for unusual RPC requests invoking the http_request tool with external URLs. Use tools like tcpdump or Wireshark to inspect UDP traffic on the swarm RPC service port.

Impact Analysis

An attacker can exploit this to read sensitive loopback-only web interfaces, probe internal HTTP services, or retrieve confidential data such as tokens, configuration details, or API responses. The vulnerability is not blind, as the attacker receives the fetched content directly in the RPC response.

Compliance Impact

This SSRF vulnerability could lead to unauthorized access to internal systems or sensitive data, which may violate GDPR requirements for protecting personal data and HIPAA requirements for safeguarding protected health information if such data is exposed.

Mitigation Strategies

Immediately upgrade zevorn rt-claw to a patched version if available. If no patch exists, disable the swarm RPC service or restrict network access to it. Implement input validation to block requests to internal or loopback addresses. Use firewalls to prevent outbound connections to sensitive ranges.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-16128. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart