CVE-2026-16126
HIGH
7.3
CVSS 3.1
Description
A vulnerability was determined in zevorn rt-claw up to 0.2.0. The impacted element is the function handle_rpc_request of the file claw/services/swarm/swarm.c of the component Swarm RPC Receiver. This manipulation causes incorrect authorization. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet.
Metadata
Severity & Metrics
7.3
HIGH CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
Affected products (1)
| Vendor | Product | Platform | Versions |
|---|---|---|---|
| zevorn | rt-claw | — | 0.1, 0.2.0 |
Weakness (CWE)
CVSS scores (4)
| Score | Severity | Version | Source | Vector |
|---|---|---|---|---|
| 7.5 | N/D | 2.0 | cna | AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR |
| 7.3 | HIGH | 3.1 | cna | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R |
| 7.3 | HIGH | 3.0 | cna | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R |
| 6.9 | MEDIUM | 4.0 | cna | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P |
References (8)
- VDB-379838 | zevorn rt-claw Swarm RPC Receiver swarm.c handle_rpc_request authorization https://vuldb.com/vuln/379838
- VDB-379838 | CTI Indicators (IOB, IOC, IOA) https://vuldb.com/vuln/379838/cti
- CVE-2026-16126 | CVE Analysis and Report https://vuldb.com/cve/CVE-2026-16126
- Submit #856870 | zevorn rt-claw unreleased post-v0.2.0 (36d128f) Incorrect Authorization (CWE-863) https://vuldb.com/submit/856870
- Submit #856871 | zevorn rt-claw unreleased post-v0.2.0 (36d128f) Improper Authorization (CWE-285) (Duplicate) https://vuldb.com/submit/856871
- https://github.com/zevorn/rt-claw/issues/135
- https://github.com/zevorn/rt-claw/issues/137
- https://github.com/zevorn/rt-claw/