Product
A server-side request forgery (SSRF) vulnerability, identified as CVE-2026-16128, exists in zevorn rt-claw versions up to and including 0.2.0. The flaw is located within the `receiver_thread` function of the `http_request` component in `claw/services/swarm/swarm.c`. This critical vulnerability allows remote attackers to perform server-side request forgery, and a public exploit is available, increasing the urgency for detection and mitigation efforts.