Authorization Flaw in Zevorn RT-Claw RPC Receiver
CVE-2026-16126
Key Information:
Badges
What is CVE-2026-16126?
A critical vulnerability exists in the Zevorn RT-Claw’s Swarm RPC Receiver due to improper authorization in the handle_rpc_request function located in swarm.c. This flaw allows an attacker to manipulate responses and gain unauthorized access to system functions. The vulnerability can be exploited remotely, posing a significant risk to system integrity. Although the issue was reported to the developers, there has been no public acknowledgment or remediation, leaving users vulnerable to potential exploitation. Organizations using affected versions of RT-Claw should take immediate action to assess their exposure and apply necessary safeguards.
Affected Version(s)
rt-claw 0.1
rt-claw 0.2.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved
