CVE-2026-16129
Received Received - Intake

Path Traversal in SafestClaw Built-in Web Interface

Vulnerability report for CVE-2026-16129, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-18

Last updated on: 2026-07-18

Assigner: VulDB

Description

A vulnerability has been found in princezuda SafestClaw up to 4.2.4. This vulnerability affects the function ShellAction._validate_command of the file src/safestclaw/actions/shell.py of the component Built-in Web Interface. Such manipulation leads to incomplete blacklist. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The presence of this vulnerability remains uncertain at this time. The project maintainer explains: "On paper you're correct, this is a vulnerability. In practice, nothing your AI generated shows how it makes users vulnerable. It's open source. Someone can mod the shell allow list or remove that system. Present an actual poc that shows a threat to users."

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-18
Last Modified
2026-07-18
Generated
2026-07-18
AI Q&A
2026-07-18
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
princezuda safestclaw to 4.2.4 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-184 The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are not allowed by policy or otherwise require other action to neutralize before additional processing takes place, but the list is incomplete.
CWE-183 The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are explicitly allowed by policy because the inputs are assumed to be safe, but the list is too permissive - that is, it allows an input that is unsafe, leading to resultant weaknesses.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-16129 is a security bypass in SafestClaw's sandboxed shell action. It allows attackers to execute blocked interpreters through the allowlisted 'env' wrapper. The vulnerability exists in the _validate_command() function in src/safestclaw/actions/shell.py, which only checks the basename of the first argument against an allowlist. This permits commands like 'env bash -c id' to bypass restrictions, leading to unauthorized command execution with SafeClaw's privileges.

Detection Guidance

Check if SafestClaw versions <= 4.2.4 are installed by inspecting the version in the source code or package metadata. Review the file src/safestclaw/actions/shell.py for the _validate_command function to confirm if it only checks the basename of the first argument against an allowlist. Monitor network traffic for POST requests to /api/message endpoints that may forward user-controlled input to shell actions.

Impact Analysis

This vulnerability allows attackers with local access to execute arbitrary commands, access files, and interact with the network through the SafeClaw process. Since the attack can be launched via the public POST /api/message endpoint, remote attackers could exploit it if the endpoint is exposed. The impact includes unauthorized code execution, data theft, or system compromise within the SafeClaw environment.

Compliance Impact

The vulnerability allows arbitrary code execution and unauthorized access to system resources within the SafeClaw process context. This could lead to unauthorized data access, modification, or exfiltration, which may violate GDPR's data protection requirements and HIPAA's safeguards for protected health information if sensitive data is involved.

Mitigation Strategies

Upgrade SafestClaw to a version beyond 4.2.4 if available. Modify the _validate_command function to validate all arguments in the command, not just the basename of the first argument. Restrict access to the /api/message endpoint to trusted users only. Disable or audit the env wrapper functionality if not required.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-16129. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart