Improper Link Resolution in Mosaxiv Clawlet File Tools
CVE-2026-15621
4.8MEDIUM
What is CVE-2026-15621?
A vulnerability exists in Mosaxiv Clawlet, specifically within the File Tools component, affecting versions up to 0.2.10. The flaw arises in the read_file, write_file, and edit_file functions of the fs_ops.go file, where improper link resolution can permit unauthorized local file manipulations. This issue necessitates local access for exploitation, allowing an attacker to follow links to unintended files. Further details can be found in the GitHub issue, which has been marked as 'not planned' for resolution.
Affected Version(s)
clawlet 0.2.0
clawlet 0.2.1
clawlet 0.2.2
