CVE-2026-16201
Received Received - Intake

Information Disclosure in zevorn rt-claw HTTP Request Handler

Vulnerability report for CVE-2026-16201, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-19

Last updated on: 2026-07-19

Assigner: VulDB

Description

A vulnerability was found in zevorn rt-claw up to 0.2.0. Affected is the function claw_net_get/claw_net_post of the file claw/services/tools/net.c of the component http_request. The manipulation results in information disclosure. The attack can be executed remotely. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-19
Last Modified
2026-07-19
Generated
2026-07-19
AI Q&A
2026-07-19
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
zevorn rt-claw to 0.2.0 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-284 The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
CWE-200 The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is a local file disclosure issue in the rt-claw project's http_request tool. It allows attackers to read local files by exploiting improper URL validation. The tool accepts file:// URLs without checking the scheme, causing libcurl to read local files instead of making network requests. This exposes sensitive file contents through the tool's response.

Detection Guidance

Check if rt-claw is installed and inspect its version. Look for unusual file:// URL usage in logs or network traffic. Test by attempting to access local files via the tool.

Impact Analysis

An attacker could exploit this to read files accessible to the rt-claw process user. This may include sensitive system files, configuration files, or other confidential data. The impact depends on the permissions of the user running rt-claw.

Compliance Impact

This vulnerability could lead to unauthorized access to sensitive data, violating compliance requirements for GDPR (data protection) and HIPAA (health information privacy). Organizations may face legal penalties if this flaw results in data breaches.

Mitigation Strategies

Upgrade rt-claw to a patched version if available. Restrict rt-claw's permissions to limit file access. Monitor for suspicious file:// URL requests in logs.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-16201. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart