Missing Authorization in mosaxiv clawlet Chat Tool Component
CVE-2026-16017
Key Information:
Badges
What is CVE-2026-16017?
A vulnerability has been identified in the mosaxiv clawlet Chat Tool, specifically within the 'list/remove' function located in the 'tools/tool_cron.go' file. This issue allows for unauthorized manipulation due to a lack of proper authorization checks. The vulnerability can be exploited remotely, making it a significant risk for users running affected versions of the software. The issue has been acknowledged in public forums, and an exploit has reportedly been released. The GitHub issue associated with this vulnerability has since been closed with a 'not planned' resolution, indicating no immediate fix in progress.
Affected Version(s)
clawlet 0.2.0
clawlet 0.2.1
clawlet 0.2.2
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved
