Skip to main content

clawlet CVE-2026-15620

| EUVDEUVD-2026-43582 LOW
Server-Side Request Forgery (SSRF) (CWE-918)
2026-07-14 VulDB GHSA-q2gc-2p96-wxg9
2.1
CVSS 4.0 · Vendor: VulDB

Severity by source

Vendor (VulDB) PRIMARY
2.1 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
6.3 MEDIUM

Network-exploitable SSRF requiring low-privilege authentication; limited impact scoped to vulnerable system with no lateral scope change.

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Primary rating from Vendor (VulDB).

CVSS VectorVendor: VulDB

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

4
Severity Changed
Jul 14, 2026 - 01:22 NVD
MEDIUM LOW
CVSS changed
Jul 14, 2026 - 01:22 NVD
5.3 (MEDIUM) 2.1 (LOW)
Analysis Generated
Jul 14, 2026 - 01:15 vuln.today
CVE Published
Jul 14, 2026 - 00:15 cve.org
MEDIUM 5.3

DescriptionCVE.org

A security vulnerability has been detected in mosaxiv clawlet up to 0.2.10. This affects the function tools.webFetch of the file tools/tool_web_fetch.go. Such manipulation leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. The reported GitHub issue was closed with the label "not planned".

AnalysisAI

Server-side request forgery in mosaxiv clawlet up to version 0.2.10 enables authenticated remote attackers to manipulate the webFetch tool function to issue arbitrary HTTP requests from the server, potentially reaching internal services, cloud metadata endpoints, or other network resources not directly accessible to the attacker. A publicly available proof-of-concept exploit was disclosed via GitHub issue #14, making real-world exploitation more accessible. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Authenticate with low-privilege credentials
Delivery
Submit crafted internal URL to webFetch endpoint
Exploit
Server issues HTTP request to target internal resource
Execution
Internal response returned to attacker
Impact
Harvest sensitive internal data or enumerate internal services

Vulnerability AssessmentAI

Exploitation Exploitation requires the attacker to hold a valid low-privilege account on the clawlet instance (confirmed by CVSS 4.0 PR:L). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 score of 5.3 (Medium) reflects a network-exploitable flaw requiring low-privilege authentication, with limited confidentiality, integrity, and availability impact confined to the vulnerable system (VC:L/VI:L/VA:L, SC:N/SI:N/SA:N). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An authenticated low-privilege user of clawlet submits a crafted URL targeting an internal network resource - such as http://169.254.169.254/latest/meta-data/ in a cloud environment - to the webFetch tool endpoint. The server issues the request on the attacker's behalf and returns the response, exposing AWS instance metadata including IAM role credentials. …
Remediation No vendor-released patch is available and none is planned, as the upstream maintainer closed the GitHub issue (#14) as 'not planned.' Organizations using clawlet should consider migrating away from the tool or implementing compensating controls at the network and application layers. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-15620 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy