Product
A critical server-side request forgery (SSRF) vulnerability, identified as CVE-2026-16125, affects zevorn rt-claw versions up to and including 0.2.0, residing in the claw_net_get/claw_net_post functions within the http_request component, allowing remote attackers to manipulate the URL argument and access internal resources or perform port scanning.