Server-Side Request Forgery in mosaxiv Clawlet Affects Multiple Versions
CVE-2026-15620
Key Information:
Badges
What is CVE-2026-15620?
A security vulnerability has been found in mosaxiv Clawlet versions up to 0.2.10, specifically within the tools.webFetch function located in the tools/tool_web_fetch.go file. This flaw allows attackers to execute server-side request forgery (SSRF) attacks, which can be initiated remotely. The exploit has been publicly disclosed, raising concerns over its potential misuse. The issue was previously tracked on GitHub, but has since been marked as 'not planned' for resolution.
Affected Version(s)
clawlet 0.2.0
clawlet 0.2.1
clawlet 0.2.2
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved
