Improper Link Resolution in Mosaxiv Clawlet File Tools
CVE-2026-15621

4.8MEDIUM

Key Information:

Vendor

Mosaxiv

Status
Vendor
CVE Published:
14 July 2026

What is CVE-2026-15621?

A vulnerability exists in Mosaxiv Clawlet, specifically within the File Tools component, affecting versions up to 0.2.10. The flaw arises in the read_file, write_file, and edit_file functions of the fs_ops.go file, where improper link resolution can permit unauthorized local file manipulations. This issue necessitates local access for exploitation, allowing an attacker to follow links to unintended files. Further details can be found in the GitHub issue, which has been marked as 'not planned' for resolution.

Affected Version(s)

clawlet 0.2.0

clawlet 0.2.1

clawlet 0.2.2

References

CVSS V4

Score:
4.8
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Eric-b (VulDB User)
VulDB CNA Team
.