CVE-2026-16128

medium

Description

A security flaw has been discovered in zevorn rt-claw up to 0.2.0. This impacts the function receiver_thread of the file claw/services/swarm/swarm.c of the component http_request. Performing a manipulation results in server-side request forgery. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.

References

https://vuldb.com/vuln/379840/cti

https://vuldb.com/vuln/379840

https://vuldb.com/submit/856873

https://vuldb.com/cve/CVE-2026-16128

https://github.com/zevorn/rt-claw/issues/140

https://github.com/zevorn/rt-claw/

Details

Source: Mitre, NVD

Published: 2026-07-18

Updated: 2026-07-18

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 7.3

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Severity: High

CVSS v4

Base Score: 6.9

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Severity: Medium