Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    8 vulnerabilities by mosaxiv

    CVE-2026-15621 (GCVE-0-2026-15621)

    Vulnerability from nvd – Published: 2026-07-14 00:45 – Updated: 2026-07-14 12:41
    VLAI
    Title
    mosaxiv clawlet File Tools fs_ops.go edit_file link following
    Summary
    A vulnerability was detected in mosaxiv clawlet up to 0.2.10. This impacts the function read_file/write_file/edit_file of the file tools/fs_ops.go of the component File Tools. Performing a manipulation results in link following. The attack needs to be approached locally. The reported GitHub issue was closed with the label "not planned".
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/378124 vdb-entrytechnical-description
    https://vuldb.com/vuln/378124/cti signaturepermissions-required
    https://vuldb.com/cve/CVE-2026-15621 third-party-advisory
    https://vuldb.com/submit/855796 third-party-advisory
    https://github.com/mosaxiv/clawlet/issues/15 issue-tracking
    https://github.com/mosaxiv/clawlet/ product
    Impacted products
    Vendor Product Version
    mosaxiv clawlet Affected: 0.2.0
    Affected: 0.2.1
    Affected: 0.2.2
    Affected: 0.2.3
    Affected: 0.2.4
    Affected: 0.2.5
    Affected: 0.2.6
    Affected: 0.2.7
    Affected: 0.2.8
    Affected: 0.2.9
    Affected: 0.2.10
        cpe:2.3:a:mosaxiv:clawlet:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Eric-b (VulDB User) VulDB CNA Team
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-15621",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-14T12:40:34.700214Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T12:41:02.564Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/mosaxiv/clawlet/issues/15"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:mosaxiv:clawlet:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "File Tools"
              ],
              "product": "clawlet",
              "vendor": "mosaxiv",
              "versions": [
                {
                  "status": "affected",
                  "version": "0.2.0"
                },
                {
                  "status": "affected",
                  "version": "0.2.1"
                },
                {
                  "status": "affected",
                  "version": "0.2.2"
                },
                {
                  "status": "affected",
                  "version": "0.2.3"
                },
                {
                  "status": "affected",
                  "version": "0.2.4"
                },
                {
                  "status": "affected",
                  "version": "0.2.5"
                },
                {
                  "status": "affected",
                  "version": "0.2.6"
                },
                {
                  "status": "affected",
                  "version": "0.2.7"
                },
                {
                  "status": "affected",
                  "version": "0.2.8"
                },
                {
                  "status": "affected",
                  "version": "0.2.9"
                },
                {
                  "status": "affected",
                  "version": "0.2.10"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Eric-b (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB CNA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was detected in mosaxiv clawlet up to 0.2.10. This impacts the function read_file/write_file/edit_file of the file tools/fs_ops.go of the component File Tools. Performing a manipulation results in link following. The attack needs to be approached locally. The reported GitHub issue was closed with the label \"not planned\"."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 4.3,
                "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:ND/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-59",
                  "description": "Link Following",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T00:45:11.699Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-378124 | mosaxiv clawlet File Tools fs_ops.go edit_file link following",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/378124"
            },
            {
              "name": "VDB-378124 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/378124/cti"
            },
            {
              "name": "CVE-2026-15621 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-15621"
            },
            {
              "name": "Submit #855796 | mosaxiv clawlet 0.2.10 Improper Link Resolution Before File Access (CWE-59)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/855796"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/mosaxiv/clawlet/issues/15"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://github.com/mosaxiv/clawlet/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-13T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-07-13T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-07-13T19:02:53.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "mosaxiv clawlet File Tools fs_ops.go edit_file link following"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-15621",
        "datePublished": "2026-07-14T00:45:11.699Z",
        "dateReserved": "2026-07-13T16:57:41.446Z",
        "dateUpdated": "2026-07-14T12:41:02.564Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-15620 (GCVE-0-2026-15620)

    Vulnerability from nvd – Published: 2026-07-14 00:15 – Updated: 2026-07-14 14:30
    VLAI
    Title
    mosaxiv clawlet tool_web_fetch.go tools.webFetch server-side request forgery
    Summary
    A security vulnerability has been detected in mosaxiv clawlet up to 0.2.10. This affects the function tools.webFetch of the file tools/tool_web_fetch.go. Such manipulation leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. The reported GitHub issue was closed with the label "not planned".
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-918 - Server-Side Request Forgery
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/378123 vdb-entrytechnical-description
    https://vuldb.com/vuln/378123/cti signaturepermissions-required
    https://vuldb.com/cve/CVE-2026-15620 third-party-advisory
    https://vuldb.com/submit/855795 third-party-advisory
    https://github.com/mosaxiv/clawlet/issues/14 exploitissue-tracking
    https://github.com/mosaxiv/clawlet/ product
    Impacted products
    Vendor Product Version
    mosaxiv clawlet Affected: 0.2.0
    Affected: 0.2.1
    Affected: 0.2.2
    Affected: 0.2.3
    Affected: 0.2.4
    Affected: 0.2.5
    Affected: 0.2.6
    Affected: 0.2.7
    Affected: 0.2.8
    Affected: 0.2.9
    Affected: 0.2.10
        cpe:2.3:a:mosaxiv:clawlet:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Eric-b (VulDB User) VulDB CNA Team
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-15620",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-14T13:02:01.018585Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T14:30:34.324Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:mosaxiv:clawlet:*:*:*:*:*:*:*:*"
              ],
              "product": "clawlet",
              "vendor": "mosaxiv",
              "versions": [
                {
                  "status": "affected",
                  "version": "0.2.0"
                },
                {
                  "status": "affected",
                  "version": "0.2.1"
                },
                {
                  "status": "affected",
                  "version": "0.2.2"
                },
                {
                  "status": "affected",
                  "version": "0.2.3"
                },
                {
                  "status": "affected",
                  "version": "0.2.4"
                },
                {
                  "status": "affected",
                  "version": "0.2.5"
                },
                {
                  "status": "affected",
                  "version": "0.2.6"
                },
                {
                  "status": "affected",
                  "version": "0.2.7"
                },
                {
                  "status": "affected",
                  "version": "0.2.8"
                },
                {
                  "status": "affected",
                  "version": "0.2.9"
                },
                {
                  "status": "affected",
                  "version": "0.2.10"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Eric-b (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB CNA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security vulnerability has been detected in mosaxiv clawlet up to 0.2.10. This affects the function tools.webFetch of the file tools/tool_web_fetch.go. Such manipulation leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. The reported GitHub issue was closed with the label \"not planned\"."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "Server-Side Request Forgery",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T00:15:08.152Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-378123 | mosaxiv clawlet tool_web_fetch.go tools.webFetch server-side request forgery",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/378123"
            },
            {
              "name": "VDB-378123 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/378123/cti"
            },
            {
              "name": "CVE-2026-15620 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-15620"
            },
            {
              "name": "Submit #855795 | mosaxiv clawlet 0.2.10 Server-Side Request Forgery (SSRF) (CWE-918)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/855795"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/mosaxiv/clawlet/issues/14"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://github.com/mosaxiv/clawlet/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-13T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-07-13T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-07-13T19:02:51.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "mosaxiv clawlet tool_web_fetch.go tools.webFetch server-side request forgery"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-15620",
        "datePublished": "2026-07-14T00:15:08.152Z",
        "dateReserved": "2026-07-13T16:57:38.543Z",
        "dateUpdated": "2026-07-14T14:30:34.324Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-15619 (GCVE-0-2026-15619)

    Vulnerability from nvd – Published: 2026-07-14 00:00 – Updated: 2026-07-14 00:00
    VLAI
    Title
    mosaxiv clawlet IPv4 tool_web_fetch.go web_fetch server-side request forgery
    Summary
    A weakness has been identified in mosaxiv clawlet up to 0.2.10. The impacted element is the function web_fetch of the file tools/tool_web_fetch.go of the component IPv4 Handler. This manipulation of the argument url causes server-side request forgery. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. The reported GitHub issue was closed with the label "not planned".
    CWE
    • CWE-918 - Server-Side Request Forgery
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/378122 vdb-entrytechnical-description
    https://vuldb.com/vuln/378122/cti signaturepermissions-required
    https://vuldb.com/cve/CVE-2026-15619 third-party-advisory
    https://vuldb.com/submit/855793 third-party-advisory
    https://github.com/mosaxiv/clawlet/issues/13 exploitissue-tracking
    https://github.com/mosaxiv/clawlet/ product
    Impacted products
    Vendor Product Version
    mosaxiv clawlet Affected: 0.2.0
    Affected: 0.2.1
    Affected: 0.2.2
    Affected: 0.2.3
    Affected: 0.2.4
    Affected: 0.2.5
    Affected: 0.2.6
    Affected: 0.2.7
    Affected: 0.2.8
    Affected: 0.2.9
    Affected: 0.2.10
        cpe:2.3:a:mosaxiv:clawlet:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Eric-b (VulDB User) VulDB CNA Team
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:mosaxiv:clawlet:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "IPv4 Handler"
              ],
              "product": "clawlet",
              "vendor": "mosaxiv",
              "versions": [
                {
                  "status": "affected",
                  "version": "0.2.0"
                },
                {
                  "status": "affected",
                  "version": "0.2.1"
                },
                {
                  "status": "affected",
                  "version": "0.2.2"
                },
                {
                  "status": "affected",
                  "version": "0.2.3"
                },
                {
                  "status": "affected",
                  "version": "0.2.4"
                },
                {
                  "status": "affected",
                  "version": "0.2.5"
                },
                {
                  "status": "affected",
                  "version": "0.2.6"
                },
                {
                  "status": "affected",
                  "version": "0.2.7"
                },
                {
                  "status": "affected",
                  "version": "0.2.8"
                },
                {
                  "status": "affected",
                  "version": "0.2.9"
                },
                {
                  "status": "affected",
                  "version": "0.2.10"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Eric-b (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB CNA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A weakness has been identified in mosaxiv clawlet up to 0.2.10. The impacted element is the function web_fetch of the file tools/tool_web_fetch.go of the component IPv4 Handler. This manipulation of the argument url causes server-side request forgery. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. The reported GitHub issue was closed with the label \"not planned\"."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 7.5,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "Server-Side Request Forgery",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T00:00:12.931Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-378122 | mosaxiv clawlet IPv4 tool_web_fetch.go web_fetch server-side request forgery",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/378122"
            },
            {
              "name": "VDB-378122 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/378122/cti"
            },
            {
              "name": "CVE-2026-15619 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-15619"
            },
            {
              "name": "Submit #855793 | mosaxiv clawlet 0.2.10 Server-Side Request Forgery (SSRF) (CWE-918)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/855793"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/mosaxiv/clawlet/issues/13"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://github.com/mosaxiv/clawlet/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-13T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-07-13T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-07-13T19:02:49.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "mosaxiv clawlet IPv4 tool_web_fetch.go web_fetch server-side request forgery"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-15619",
        "datePublished": "2026-07-14T00:00:12.931Z",
        "dateReserved": "2026-07-13T16:57:35.760Z",
        "dateUpdated": "2026-07-14T00:00:12.931Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-15618 (GCVE-0-2026-15618)

    Vulnerability from nvd – Published: 2026-07-13 23:45 – Updated: 2026-07-14 12:47
    VLAI
    Title
    mosaxiv clawlet exec Safety Guard tool_exec.go guardExecCommand protection mechanism
    Summary
    A security flaw has been discovered in mosaxiv clawlet up to 0.2.10. The affected element is the function guardExecCommand of the file tools/tool_exec.go of the component exec Safety Guard. The manipulation results in protection mechanism failure. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks. The reported GitHub issue was closed with the label "not planned".
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-693 - Protection Mechanism Failure
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/378121 vdb-entrytechnical-description
    https://vuldb.com/vuln/378121/cti signaturepermissions-required
    https://vuldb.com/cve/CVE-2026-15618 third-party-advisory
    https://vuldb.com/submit/855792 third-party-advisory
    https://github.com/mosaxiv/clawlet/issues/12 exploitissue-tracking
    https://github.com/mosaxiv/clawlet/ product
    Impacted products
    Vendor Product Version
    mosaxiv clawlet Affected: 0.2.0
    Affected: 0.2.1
    Affected: 0.2.2
    Affected: 0.2.3
    Affected: 0.2.4
    Affected: 0.2.5
    Affected: 0.2.6
    Affected: 0.2.7
    Affected: 0.2.8
    Affected: 0.2.9
    Affected: 0.2.10
        cpe:2.3:a:mosaxiv:clawlet:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Eric-b (VulDB User) VulDB CNA Team
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-15618",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-14T12:47:29.774644Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T12:47:41.268Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:mosaxiv:clawlet:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "exec Safety Guard"
              ],
              "product": "clawlet",
              "vendor": "mosaxiv",
              "versions": [
                {
                  "status": "affected",
                  "version": "0.2.0"
                },
                {
                  "status": "affected",
                  "version": "0.2.1"
                },
                {
                  "status": "affected",
                  "version": "0.2.2"
                },
                {
                  "status": "affected",
                  "version": "0.2.3"
                },
                {
                  "status": "affected",
                  "version": "0.2.4"
                },
                {
                  "status": "affected",
                  "version": "0.2.5"
                },
                {
                  "status": "affected",
                  "version": "0.2.6"
                },
                {
                  "status": "affected",
                  "version": "0.2.7"
                },
                {
                  "status": "affected",
                  "version": "0.2.8"
                },
                {
                  "status": "affected",
                  "version": "0.2.9"
                },
                {
                  "status": "affected",
                  "version": "0.2.10"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Eric-b (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB CNA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security flaw has been discovered in mosaxiv clawlet up to 0.2.10. The affected element is the function guardExecCommand of the file tools/tool_exec.go of the component exec Safety Guard. The manipulation results in protection mechanism failure. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks. The reported GitHub issue was closed with the label \"not planned\"."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 7.5,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-693",
                  "description": "Protection Mechanism Failure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-13T23:45:09.804Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-378121 | mosaxiv clawlet exec Safety Guard tool_exec.go guardExecCommand protection mechanism",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/378121"
            },
            {
              "name": "VDB-378121 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/378121/cti"
            },
            {
              "name": "CVE-2026-15618 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-15618"
            },
            {
              "name": "Submit #855792 | mosaxiv clawlet 0.2.10 Protection Mechanism Failure (CWE-693)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/855792"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/mosaxiv/clawlet/issues/12"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://github.com/mosaxiv/clawlet/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-13T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-07-13T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-07-13T19:02:46.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "mosaxiv clawlet exec Safety Guard tool_exec.go guardExecCommand protection mechanism"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-15618",
        "datePublished": "2026-07-13T23:45:09.804Z",
        "dateReserved": "2026-07-13T16:57:32.960Z",
        "dateUpdated": "2026-07-14T12:47:41.268Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-15621 (GCVE-0-2026-15621)

    Vulnerability from cvelistv5 – Published: 2026-07-14 00:45 – Updated: 2026-07-14 12:41
    VLAI
    Title
    mosaxiv clawlet File Tools fs_ops.go edit_file link following
    Summary
    A vulnerability was detected in mosaxiv clawlet up to 0.2.10. This impacts the function read_file/write_file/edit_file of the file tools/fs_ops.go of the component File Tools. Performing a manipulation results in link following. The attack needs to be approached locally. The reported GitHub issue was closed with the label "not planned".
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/378124 vdb-entrytechnical-description
    https://vuldb.com/vuln/378124/cti signaturepermissions-required
    https://vuldb.com/cve/CVE-2026-15621 third-party-advisory
    https://vuldb.com/submit/855796 third-party-advisory
    https://github.com/mosaxiv/clawlet/issues/15 issue-tracking
    https://github.com/mosaxiv/clawlet/ product
    Impacted products
    Vendor Product Version
    mosaxiv clawlet Affected: 0.2.0
    Affected: 0.2.1
    Affected: 0.2.2
    Affected: 0.2.3
    Affected: 0.2.4
    Affected: 0.2.5
    Affected: 0.2.6
    Affected: 0.2.7
    Affected: 0.2.8
    Affected: 0.2.9
    Affected: 0.2.10
        cpe:2.3:a:mosaxiv:clawlet:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Eric-b (VulDB User) VulDB CNA Team
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-15621",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-14T12:40:34.700214Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T12:41:02.564Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/mosaxiv/clawlet/issues/15"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:mosaxiv:clawlet:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "File Tools"
              ],
              "product": "clawlet",
              "vendor": "mosaxiv",
              "versions": [
                {
                  "status": "affected",
                  "version": "0.2.0"
                },
                {
                  "status": "affected",
                  "version": "0.2.1"
                },
                {
                  "status": "affected",
                  "version": "0.2.2"
                },
                {
                  "status": "affected",
                  "version": "0.2.3"
                },
                {
                  "status": "affected",
                  "version": "0.2.4"
                },
                {
                  "status": "affected",
                  "version": "0.2.5"
                },
                {
                  "status": "affected",
                  "version": "0.2.6"
                },
                {
                  "status": "affected",
                  "version": "0.2.7"
                },
                {
                  "status": "affected",
                  "version": "0.2.8"
                },
                {
                  "status": "affected",
                  "version": "0.2.9"
                },
                {
                  "status": "affected",
                  "version": "0.2.10"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Eric-b (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB CNA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was detected in mosaxiv clawlet up to 0.2.10. This impacts the function read_file/write_file/edit_file of the file tools/fs_ops.go of the component File Tools. Performing a manipulation results in link following. The attack needs to be approached locally. The reported GitHub issue was closed with the label \"not planned\"."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 4.3,
                "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:ND/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-59",
                  "description": "Link Following",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T00:45:11.699Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-378124 | mosaxiv clawlet File Tools fs_ops.go edit_file link following",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/378124"
            },
            {
              "name": "VDB-378124 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/378124/cti"
            },
            {
              "name": "CVE-2026-15621 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-15621"
            },
            {
              "name": "Submit #855796 | mosaxiv clawlet 0.2.10 Improper Link Resolution Before File Access (CWE-59)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/855796"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/mosaxiv/clawlet/issues/15"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://github.com/mosaxiv/clawlet/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-13T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-07-13T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-07-13T19:02:53.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "mosaxiv clawlet File Tools fs_ops.go edit_file link following"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-15621",
        "datePublished": "2026-07-14T00:45:11.699Z",
        "dateReserved": "2026-07-13T16:57:41.446Z",
        "dateUpdated": "2026-07-14T12:41:02.564Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-15620 (GCVE-0-2026-15620)

    Vulnerability from cvelistv5 – Published: 2026-07-14 00:15 – Updated: 2026-07-14 14:30
    VLAI
    Title
    mosaxiv clawlet tool_web_fetch.go tools.webFetch server-side request forgery
    Summary
    A security vulnerability has been detected in mosaxiv clawlet up to 0.2.10. This affects the function tools.webFetch of the file tools/tool_web_fetch.go. Such manipulation leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. The reported GitHub issue was closed with the label "not planned".
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-918 - Server-Side Request Forgery
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/378123 vdb-entrytechnical-description
    https://vuldb.com/vuln/378123/cti signaturepermissions-required
    https://vuldb.com/cve/CVE-2026-15620 third-party-advisory
    https://vuldb.com/submit/855795 third-party-advisory
    https://github.com/mosaxiv/clawlet/issues/14 exploitissue-tracking
    https://github.com/mosaxiv/clawlet/ product
    Impacted products
    Vendor Product Version
    mosaxiv clawlet Affected: 0.2.0
    Affected: 0.2.1
    Affected: 0.2.2
    Affected: 0.2.3
    Affected: 0.2.4
    Affected: 0.2.5
    Affected: 0.2.6
    Affected: 0.2.7
    Affected: 0.2.8
    Affected: 0.2.9
    Affected: 0.2.10
        cpe:2.3:a:mosaxiv:clawlet:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Eric-b (VulDB User) VulDB CNA Team
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-15620",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-14T13:02:01.018585Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T14:30:34.324Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:mosaxiv:clawlet:*:*:*:*:*:*:*:*"
              ],
              "product": "clawlet",
              "vendor": "mosaxiv",
              "versions": [
                {
                  "status": "affected",
                  "version": "0.2.0"
                },
                {
                  "status": "affected",
                  "version": "0.2.1"
                },
                {
                  "status": "affected",
                  "version": "0.2.2"
                },
                {
                  "status": "affected",
                  "version": "0.2.3"
                },
                {
                  "status": "affected",
                  "version": "0.2.4"
                },
                {
                  "status": "affected",
                  "version": "0.2.5"
                },
                {
                  "status": "affected",
                  "version": "0.2.6"
                },
                {
                  "status": "affected",
                  "version": "0.2.7"
                },
                {
                  "status": "affected",
                  "version": "0.2.8"
                },
                {
                  "status": "affected",
                  "version": "0.2.9"
                },
                {
                  "status": "affected",
                  "version": "0.2.10"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Eric-b (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB CNA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security vulnerability has been detected in mosaxiv clawlet up to 0.2.10. This affects the function tools.webFetch of the file tools/tool_web_fetch.go. Such manipulation leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. The reported GitHub issue was closed with the label \"not planned\"."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "Server-Side Request Forgery",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T00:15:08.152Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-378123 | mosaxiv clawlet tool_web_fetch.go tools.webFetch server-side request forgery",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/378123"
            },
            {
              "name": "VDB-378123 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/378123/cti"
            },
            {
              "name": "CVE-2026-15620 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-15620"
            },
            {
              "name": "Submit #855795 | mosaxiv clawlet 0.2.10 Server-Side Request Forgery (SSRF) (CWE-918)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/855795"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/mosaxiv/clawlet/issues/14"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://github.com/mosaxiv/clawlet/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-13T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-07-13T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-07-13T19:02:51.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "mosaxiv clawlet tool_web_fetch.go tools.webFetch server-side request forgery"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-15620",
        "datePublished": "2026-07-14T00:15:08.152Z",
        "dateReserved": "2026-07-13T16:57:38.543Z",
        "dateUpdated": "2026-07-14T14:30:34.324Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-15619 (GCVE-0-2026-15619)

    Vulnerability from cvelistv5 – Published: 2026-07-14 00:00 – Updated: 2026-07-14 00:00
    VLAI
    Title
    mosaxiv clawlet IPv4 tool_web_fetch.go web_fetch server-side request forgery
    Summary
    A weakness has been identified in mosaxiv clawlet up to 0.2.10. The impacted element is the function web_fetch of the file tools/tool_web_fetch.go of the component IPv4 Handler. This manipulation of the argument url causes server-side request forgery. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. The reported GitHub issue was closed with the label "not planned".
    CWE
    • CWE-918 - Server-Side Request Forgery
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/378122 vdb-entrytechnical-description
    https://vuldb.com/vuln/378122/cti signaturepermissions-required
    https://vuldb.com/cve/CVE-2026-15619 third-party-advisory
    https://vuldb.com/submit/855793 third-party-advisory
    https://github.com/mosaxiv/clawlet/issues/13 exploitissue-tracking
    https://github.com/mosaxiv/clawlet/ product
    Impacted products
    Vendor Product Version
    mosaxiv clawlet Affected: 0.2.0
    Affected: 0.2.1
    Affected: 0.2.2
    Affected: 0.2.3
    Affected: 0.2.4
    Affected: 0.2.5
    Affected: 0.2.6
    Affected: 0.2.7
    Affected: 0.2.8
    Affected: 0.2.9
    Affected: 0.2.10
        cpe:2.3:a:mosaxiv:clawlet:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Eric-b (VulDB User) VulDB CNA Team
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:mosaxiv:clawlet:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "IPv4 Handler"
              ],
              "product": "clawlet",
              "vendor": "mosaxiv",
              "versions": [
                {
                  "status": "affected",
                  "version": "0.2.0"
                },
                {
                  "status": "affected",
                  "version": "0.2.1"
                },
                {
                  "status": "affected",
                  "version": "0.2.2"
                },
                {
                  "status": "affected",
                  "version": "0.2.3"
                },
                {
                  "status": "affected",
                  "version": "0.2.4"
                },
                {
                  "status": "affected",
                  "version": "0.2.5"
                },
                {
                  "status": "affected",
                  "version": "0.2.6"
                },
                {
                  "status": "affected",
                  "version": "0.2.7"
                },
                {
                  "status": "affected",
                  "version": "0.2.8"
                },
                {
                  "status": "affected",
                  "version": "0.2.9"
                },
                {
                  "status": "affected",
                  "version": "0.2.10"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Eric-b (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB CNA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A weakness has been identified in mosaxiv clawlet up to 0.2.10. The impacted element is the function web_fetch of the file tools/tool_web_fetch.go of the component IPv4 Handler. This manipulation of the argument url causes server-side request forgery. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. The reported GitHub issue was closed with the label \"not planned\"."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 7.5,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "Server-Side Request Forgery",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T00:00:12.931Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-378122 | mosaxiv clawlet IPv4 tool_web_fetch.go web_fetch server-side request forgery",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/378122"
            },
            {
              "name": "VDB-378122 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/378122/cti"
            },
            {
              "name": "CVE-2026-15619 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-15619"
            },
            {
              "name": "Submit #855793 | mosaxiv clawlet 0.2.10 Server-Side Request Forgery (SSRF) (CWE-918)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/855793"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/mosaxiv/clawlet/issues/13"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://github.com/mosaxiv/clawlet/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-13T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-07-13T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-07-13T19:02:49.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "mosaxiv clawlet IPv4 tool_web_fetch.go web_fetch server-side request forgery"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-15619",
        "datePublished": "2026-07-14T00:00:12.931Z",
        "dateReserved": "2026-07-13T16:57:35.760Z",
        "dateUpdated": "2026-07-14T00:00:12.931Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-15618 (GCVE-0-2026-15618)

    Vulnerability from cvelistv5 – Published: 2026-07-13 23:45 – Updated: 2026-07-14 12:47
    VLAI
    Title
    mosaxiv clawlet exec Safety Guard tool_exec.go guardExecCommand protection mechanism
    Summary
    A security flaw has been discovered in mosaxiv clawlet up to 0.2.10. The affected element is the function guardExecCommand of the file tools/tool_exec.go of the component exec Safety Guard. The manipulation results in protection mechanism failure. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks. The reported GitHub issue was closed with the label "not planned".
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-693 - Protection Mechanism Failure
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/378121 vdb-entrytechnical-description
    https://vuldb.com/vuln/378121/cti signaturepermissions-required
    https://vuldb.com/cve/CVE-2026-15618 third-party-advisory
    https://vuldb.com/submit/855792 third-party-advisory
    https://github.com/mosaxiv/clawlet/issues/12 exploitissue-tracking
    https://github.com/mosaxiv/clawlet/ product
    Impacted products
    Vendor Product Version
    mosaxiv clawlet Affected: 0.2.0
    Affected: 0.2.1
    Affected: 0.2.2
    Affected: 0.2.3
    Affected: 0.2.4
    Affected: 0.2.5
    Affected: 0.2.6
    Affected: 0.2.7
    Affected: 0.2.8
    Affected: 0.2.9
    Affected: 0.2.10
        cpe:2.3:a:mosaxiv:clawlet:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Eric-b (VulDB User) VulDB CNA Team
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-15618",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-14T12:47:29.774644Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T12:47:41.268Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:mosaxiv:clawlet:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "exec Safety Guard"
              ],
              "product": "clawlet",
              "vendor": "mosaxiv",
              "versions": [
                {
                  "status": "affected",
                  "version": "0.2.0"
                },
                {
                  "status": "affected",
                  "version": "0.2.1"
                },
                {
                  "status": "affected",
                  "version": "0.2.2"
                },
                {
                  "status": "affected",
                  "version": "0.2.3"
                },
                {
                  "status": "affected",
                  "version": "0.2.4"
                },
                {
                  "status": "affected",
                  "version": "0.2.5"
                },
                {
                  "status": "affected",
                  "version": "0.2.6"
                },
                {
                  "status": "affected",
                  "version": "0.2.7"
                },
                {
                  "status": "affected",
                  "version": "0.2.8"
                },
                {
                  "status": "affected",
                  "version": "0.2.9"
                },
                {
                  "status": "affected",
                  "version": "0.2.10"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Eric-b (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB CNA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security flaw has been discovered in mosaxiv clawlet up to 0.2.10. The affected element is the function guardExecCommand of the file tools/tool_exec.go of the component exec Safety Guard. The manipulation results in protection mechanism failure. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks. The reported GitHub issue was closed with the label \"not planned\"."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 7.5,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-693",
                  "description": "Protection Mechanism Failure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-13T23:45:09.804Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-378121 | mosaxiv clawlet exec Safety Guard tool_exec.go guardExecCommand protection mechanism",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/378121"
            },
            {
              "name": "VDB-378121 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/378121/cti"
            },
            {
              "name": "CVE-2026-15618 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-15618"
            },
            {
              "name": "Submit #855792 | mosaxiv clawlet 0.2.10 Protection Mechanism Failure (CWE-693)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/855792"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/mosaxiv/clawlet/issues/12"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://github.com/mosaxiv/clawlet/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-13T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-07-13T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-07-13T19:02:46.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "mosaxiv clawlet exec Safety Guard tool_exec.go guardExecCommand protection mechanism"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-15618",
        "datePublished": "2026-07-13T23:45:09.804Z",
        "dateReserved": "2026-07-13T16:57:32.960Z",
        "dateUpdated": "2026-07-14T12:47:41.268Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }