Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Network-accessible endpoint requires only low-privilege auth (PR:L); no scope change; all three impacts low since only cron job data is exposed or deletable.
Primary rating from Vendor (VulDB).
CVSS VectorVendor: VulDB
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4DescriptionCVE.org
A security flaw has been discovered in mosaxiv clawlet up to 0.2.10. Impacted is the function list/remove of the file tools/tool_cron.go of the component cron Chat Tool. The manipulation results in missing authorization. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks. The reported GitHub issue was closed with the label "not planned".
AnalysisAI
Missing authorization in mosaxiv clawlet up to version 0.2.10 allows low-privileged remote attackers to list and remove cron jobs through the cron Chat Tool component without proper permission checks. The affected functions are list and remove in tools/tool_cron.go, enabling unauthorized enumeration and deletion of scheduled tasks. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Requires a valid low-privilege authenticated session in clawlet (PR:L confirmed by CVSS 4.0 vector). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 4.0 score of 5.3 (Medium) reflects a network-accessible, low-complexity attack requiring only low privileges with low C/I/A impacts - an accurate picture for unauthorized cron job list and removal. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who holds any valid low-privilege account on a clawlet instance sends crafted HTTP requests to the cron Chat Tool's list endpoint to enumerate all scheduled cron jobs, then issues remove requests against targeted jobs to disrupt scheduled operations. Because a public proof-of-concept is available via GitHub issue #17, this scenario requires minimal attacker capability beyond possessing valid credentials. |
| Remediation | No vendor-released patch exists and none is planned - the GitHub issue was closed as 'not planned' (https://github.com/mosaxiv/clawlet/issues/17). … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Server-side request forgery in mosaxiv clawlet up to version 0.2.10 enables authenticated remote attackers to manipulate
Link-following vulnerability in mosaxiv clawlet up to version 0.2.10 allows local low-privileged attackers to read, writ
Same weakness CWE-862 – Missing Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-45175
GHSA-xp4x-w877-82xm