Server-Side Request Forgery Vulnerability in Zevorn RT-Claw HTTP Request Component
CVE-2026-16127
6.9MEDIUM
Key Information:
Badges
๐พ Exploit Exists๐ก Public PoC
What is CVE-2026-16127?
A vulnerability exists in the RT-Claw tool, specifically affecting the function claw_net_get/claw_net_post in the http_request component. The flaw allows for manipulation of the URL argument, which can lead to server-side request forgery (SSRF). This vulnerability can be exploited remotely, posing risks to the integrity and security of the server. A public exploit is available, and the developers have not yet addressed the reported issue.
Affected Version(s)
rt-claw 0.1
rt-claw 0.2.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Score:
6.9
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved
Credit
Eric-y (VulDB User)
VulDB CNA Team
