Authorization Flaw in Zevorn RT-Claw RPC Receiver
CVE-2026-16126

6.9MEDIUM

Key Information:

Vendor

Zevorn

Status
Vendor
CVE Published:
18 July 2026

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2026-16126?

A critical vulnerability exists in the Zevorn RT-Claw’s Swarm RPC Receiver due to improper authorization in the handle_rpc_request function located in swarm.c. This flaw allows an attacker to manipulate responses and gain unauthorized access to system functions. The vulnerability can be exploited remotely, posing a significant risk to system integrity. Although the issue was reported to the developers, there has been no public acknowledgment or remediation, leaving users vulnerable to potential exploitation. Organizations using affected versions of RT-Claw should take immediate action to assess their exposure and apply necessary safeguards.

Affected Version(s)

rt-claw 0.1

rt-claw 0.2.0

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

References

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Eric-y (VulDB User)
VulDB CNA Team
.