CVE-2026-16201
MEDIUM
5.3
CVSS 3.1
Description
A vulnerability was found in zevorn rt-claw up to 0.2.0. Affected is the function claw_net_get/claw_net_post of the file claw/services/tools/net.c of the component http_request. The manipulation results in information disclosure. The attack can be executed remotely. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet.
Metadata
Severity & Metrics
5.3
MEDIUM CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R
Affected products (1)
| Vendor | Product | Platform | Versions |
|---|---|---|---|
| zevorn | rt-claw | — | 0.1, 0.2.0 |
Weakness (CWE)
CVSS scores (4)
| Score | Severity | Version | Source | Vector |
|---|---|---|---|---|
| 6.9 | MEDIUM | 4.0 | cna | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P |
| 5.3 | MEDIUM | 3.1 | cna | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R |
| 5.3 | MEDIUM | 3.0 | cna | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R |
| 5.0 | N/D | 2.0 | cna | AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR |
References (6)
- VDB-380017 | zevorn rt-claw http_request net.c claw_net_post information disclosure https://vuldb.com/vuln/380017
- VDB-380017 | CTI Indicators (IOB, IOC, TTP, IOA) https://vuldb.com/vuln/380017/cti
- CVE-2026-16201 | CVE Analysis and Report https://vuldb.com/cve/CVE-2026-16201
- Submit #857623 | zevorn rt-claw 36d128f72afa0b9d40a21bcd6069b0c193a58f82 (unreleased main, post-v0.2.0) Local File Disclosure via `file://` Scheme (CWE-200) https://vuldb.com/submit/857623
- https://github.com/zevorn/rt-claw/issues/136
- https://github.com/zevorn/rt-claw/