Vendor
Server-Side Request Forgery in zevorn rt-claw (CVE-2026-16128)
3 TTPs 1 CVE 5 IOCsA server-side request forgery (SSRF) vulnerability, identified as CVE-2026-16128, exists in zevorn rt-claw versions up to and including 0.2.0. The flaw is located within the `receiver_thread` function of the `http_request` component in `claw/services/swarm/swarm.c`. This critical vulnerability allows remote attackers to perform server-side request forgery, and a public exploit is available, increasing the urgency for detection and mitigation efforts.
CVE-2026-16125: Server-Side Request Forgery in zevorn rt-claw
1 rule 3 TTPs 2 CVEs 10 IOCsA critical server-side request forgery (SSRF) vulnerability, identified as CVE-2026-16125, affects zevorn rt-claw versions up to and including 0.2.0, residing in the claw_net_get/claw_net_post functions within the http_request component, allowing remote attackers to manipulate the URL argument and access internal resources or perform port scanning.