Search
Find a vulnerability
Search criteria
8 vulnerabilities by mosaxiv
CVE-2026-15621 (GCVE-0-2026-15621)
Vulnerability from nvd – Published: 2026-07-14 00:45 – Updated: 2026-07-14 00:45
VLAI
EPSS
VEX
Title
mosaxiv clawlet File Tools fs_ops.go edit_file link following
Summary
A vulnerability was detected in mosaxiv clawlet up to 0.2.10. This impacts the function read_file/write_file/edit_file of the file tools/fs_ops.go of the component File Tools. Performing a manipulation results in link following. The attack needs to be approached locally. The reported GitHub issue was closed with the label "not planned".
Severity
CWE
- CWE-59 - Link Following
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/378124 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/378124/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-15621 | third-party-advisory |
| https://vuldb.com/submit/855796 | third-party-advisory |
| https://github.com/mosaxiv/clawlet/issues/15 | issue-tracking |
| https://github.com/mosaxiv/clawlet/ | product |
Impacted products
Credits
{
"containers": {
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:mosaxiv:clawlet:*:*:*:*:*:*:*:*"
],
"modules": [
"File Tools"
],
"product": "clawlet",
"vendor": "mosaxiv",
"versions": [
{
"status": "affected",
"version": "0.2.0"
},
{
"status": "affected",
"version": "0.2.1"
},
{
"status": "affected",
"version": "0.2.2"
},
{
"status": "affected",
"version": "0.2.3"
},
{
"status": "affected",
"version": "0.2.4"
},
{
"status": "affected",
"version": "0.2.5"
},
{
"status": "affected",
"version": "0.2.6"
},
{
"status": "affected",
"version": "0.2.7"
},
{
"status": "affected",
"version": "0.2.8"
},
{
"status": "affected",
"version": "0.2.9"
},
{
"status": "affected",
"version": "0.2.10"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Eric-b (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was detected in mosaxiv clawlet up to 0.2.10. This impacts the function read_file/write_file/edit_file of the file tools/fs_ops.go of the component File Tools. Performing a manipulation results in link following. The attack needs to be approached locally. The reported GitHub issue was closed with the label \"not planned\"."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4.3,
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:ND/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "Link Following",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-14T00:45:11.699Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-378124 | mosaxiv clawlet File Tools fs_ops.go edit_file link following",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/378124"
},
{
"name": "VDB-378124 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/378124/cti"
},
{
"name": "CVE-2026-15621 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-15621"
},
{
"name": "Submit #855796 | mosaxiv clawlet 0.2.10 Improper Link Resolution Before File Access (CWE-59)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/855796"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/mosaxiv/clawlet/issues/15"
},
{
"tags": [
"product"
],
"url": "https://github.com/mosaxiv/clawlet/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-07-13T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-07-13T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-07-13T19:02:53.000Z",
"value": "VulDB entry last update"
}
],
"title": "mosaxiv clawlet File Tools fs_ops.go edit_file link following"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-15621",
"datePublished": "2026-07-14T00:45:11.699Z",
"dateReserved": "2026-07-13T16:57:41.446Z",
"dateUpdated": "2026-07-14T00:45:11.699Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-15620 (GCVE-0-2026-15620)
Vulnerability from nvd – Published: 2026-07-14 00:15 – Updated: 2026-07-14 00:15
VLAI
EPSS
VEX
Title
mosaxiv clawlet tool_web_fetch.go tools.webFetch server-side request forgery
Summary
A security vulnerability has been detected in mosaxiv clawlet up to 0.2.10. This affects the function tools.webFetch of the file tools/tool_web_fetch.go. Such manipulation leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. The reported GitHub issue was closed with the label "not planned".
Severity
CWE
- CWE-918 - Server-Side Request Forgery
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/378123 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/378123/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-15620 | third-party-advisory |
| https://vuldb.com/submit/855795 | third-party-advisory |
| https://github.com/mosaxiv/clawlet/issues/14 | exploitissue-tracking |
| https://github.com/mosaxiv/clawlet/ | product |
Impacted products
Credits
{
"containers": {
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:mosaxiv:clawlet:*:*:*:*:*:*:*:*"
],
"product": "clawlet",
"vendor": "mosaxiv",
"versions": [
{
"status": "affected",
"version": "0.2.0"
},
{
"status": "affected",
"version": "0.2.1"
},
{
"status": "affected",
"version": "0.2.2"
},
{
"status": "affected",
"version": "0.2.3"
},
{
"status": "affected",
"version": "0.2.4"
},
{
"status": "affected",
"version": "0.2.5"
},
{
"status": "affected",
"version": "0.2.6"
},
{
"status": "affected",
"version": "0.2.7"
},
{
"status": "affected",
"version": "0.2.8"
},
{
"status": "affected",
"version": "0.2.9"
},
{
"status": "affected",
"version": "0.2.10"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Eric-b (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability has been detected in mosaxiv clawlet up to 0.2.10. This affects the function tools.webFetch of the file tools/tool_web_fetch.go. Such manipulation leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. The reported GitHub issue was closed with the label \"not planned\"."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "Server-Side Request Forgery",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-14T00:15:08.152Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-378123 | mosaxiv clawlet tool_web_fetch.go tools.webFetch server-side request forgery",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/378123"
},
{
"name": "VDB-378123 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/378123/cti"
},
{
"name": "CVE-2026-15620 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-15620"
},
{
"name": "Submit #855795 | mosaxiv clawlet 0.2.10 Server-Side Request Forgery (SSRF) (CWE-918)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/855795"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/mosaxiv/clawlet/issues/14"
},
{
"tags": [
"product"
],
"url": "https://github.com/mosaxiv/clawlet/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-07-13T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-07-13T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-07-13T19:02:51.000Z",
"value": "VulDB entry last update"
}
],
"title": "mosaxiv clawlet tool_web_fetch.go tools.webFetch server-side request forgery"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-15620",
"datePublished": "2026-07-14T00:15:08.152Z",
"dateReserved": "2026-07-13T16:57:38.543Z",
"dateUpdated": "2026-07-14T00:15:08.152Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-15619 (GCVE-0-2026-15619)
Vulnerability from nvd – Published: 2026-07-14 00:00 – Updated: 2026-07-14 00:00
VLAI
EPSS
VEX
Title
mosaxiv clawlet IPv4 tool_web_fetch.go web_fetch server-side request forgery
Summary
A weakness has been identified in mosaxiv clawlet up to 0.2.10. The impacted element is the function web_fetch of the file tools/tool_web_fetch.go of the component IPv4 Handler. This manipulation of the argument url causes server-side request forgery. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. The reported GitHub issue was closed with the label "not planned".
Severity
CWE
- CWE-918 - Server-Side Request Forgery
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/378122 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/378122/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-15619 | third-party-advisory |
| https://vuldb.com/submit/855793 | third-party-advisory |
| https://github.com/mosaxiv/clawlet/issues/13 | exploitissue-tracking |
| https://github.com/mosaxiv/clawlet/ | product |
Impacted products
Credits
{
"containers": {
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:mosaxiv:clawlet:*:*:*:*:*:*:*:*"
],
"modules": [
"IPv4 Handler"
],
"product": "clawlet",
"vendor": "mosaxiv",
"versions": [
{
"status": "affected",
"version": "0.2.0"
},
{
"status": "affected",
"version": "0.2.1"
},
{
"status": "affected",
"version": "0.2.2"
},
{
"status": "affected",
"version": "0.2.3"
},
{
"status": "affected",
"version": "0.2.4"
},
{
"status": "affected",
"version": "0.2.5"
},
{
"status": "affected",
"version": "0.2.6"
},
{
"status": "affected",
"version": "0.2.7"
},
{
"status": "affected",
"version": "0.2.8"
},
{
"status": "affected",
"version": "0.2.9"
},
{
"status": "affected",
"version": "0.2.10"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Eric-b (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A weakness has been identified in mosaxiv clawlet up to 0.2.10. The impacted element is the function web_fetch of the file tools/tool_web_fetch.go of the component IPv4 Handler. This manipulation of the argument url causes server-side request forgery. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. The reported GitHub issue was closed with the label \"not planned\"."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "Server-Side Request Forgery",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-14T00:00:12.931Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-378122 | mosaxiv clawlet IPv4 tool_web_fetch.go web_fetch server-side request forgery",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/378122"
},
{
"name": "VDB-378122 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/378122/cti"
},
{
"name": "CVE-2026-15619 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-15619"
},
{
"name": "Submit #855793 | mosaxiv clawlet 0.2.10 Server-Side Request Forgery (SSRF) (CWE-918)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/855793"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/mosaxiv/clawlet/issues/13"
},
{
"tags": [
"product"
],
"url": "https://github.com/mosaxiv/clawlet/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-07-13T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-07-13T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-07-13T19:02:49.000Z",
"value": "VulDB entry last update"
}
],
"title": "mosaxiv clawlet IPv4 tool_web_fetch.go web_fetch server-side request forgery"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-15619",
"datePublished": "2026-07-14T00:00:12.931Z",
"dateReserved": "2026-07-13T16:57:35.760Z",
"dateUpdated": "2026-07-14T00:00:12.931Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-15618 (GCVE-0-2026-15618)
Vulnerability from nvd – Published: 2026-07-13 23:45 – Updated: 2026-07-13 23:45
VLAI
EPSS
VEX
Title
mosaxiv clawlet exec Safety Guard tool_exec.go guardExecCommand protection mechanism
Summary
A security flaw has been discovered in mosaxiv clawlet up to 0.2.10. The affected element is the function guardExecCommand of the file tools/tool_exec.go of the component exec Safety Guard. The manipulation results in protection mechanism failure. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks. The reported GitHub issue was closed with the label "not planned".
Severity
CWE
- CWE-693 - Protection Mechanism Failure
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/378121 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/378121/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-15618 | third-party-advisory |
| https://vuldb.com/submit/855792 | third-party-advisory |
| https://github.com/mosaxiv/clawlet/issues/12 | exploitissue-tracking |
| https://github.com/mosaxiv/clawlet/ | product |
Impacted products
Credits
{
"containers": {
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:mosaxiv:clawlet:*:*:*:*:*:*:*:*"
],
"modules": [
"exec Safety Guard"
],
"product": "clawlet",
"vendor": "mosaxiv",
"versions": [
{
"status": "affected",
"version": "0.2.0"
},
{
"status": "affected",
"version": "0.2.1"
},
{
"status": "affected",
"version": "0.2.2"
},
{
"status": "affected",
"version": "0.2.3"
},
{
"status": "affected",
"version": "0.2.4"
},
{
"status": "affected",
"version": "0.2.5"
},
{
"status": "affected",
"version": "0.2.6"
},
{
"status": "affected",
"version": "0.2.7"
},
{
"status": "affected",
"version": "0.2.8"
},
{
"status": "affected",
"version": "0.2.9"
},
{
"status": "affected",
"version": "0.2.10"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Eric-b (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security flaw has been discovered in mosaxiv clawlet up to 0.2.10. The affected element is the function guardExecCommand of the file tools/tool_exec.go of the component exec Safety Guard. The manipulation results in protection mechanism failure. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks. The reported GitHub issue was closed with the label \"not planned\"."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-693",
"description": "Protection Mechanism Failure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-13T23:45:09.804Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-378121 | mosaxiv clawlet exec Safety Guard tool_exec.go guardExecCommand protection mechanism",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/378121"
},
{
"name": "VDB-378121 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/378121/cti"
},
{
"name": "CVE-2026-15618 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-15618"
},
{
"name": "Submit #855792 | mosaxiv clawlet 0.2.10 Protection Mechanism Failure (CWE-693)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/855792"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/mosaxiv/clawlet/issues/12"
},
{
"tags": [
"product"
],
"url": "https://github.com/mosaxiv/clawlet/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-07-13T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-07-13T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-07-13T19:02:46.000Z",
"value": "VulDB entry last update"
}
],
"title": "mosaxiv clawlet exec Safety Guard tool_exec.go guardExecCommand protection mechanism"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-15618",
"datePublished": "2026-07-13T23:45:09.804Z",
"dateReserved": "2026-07-13T16:57:32.960Z",
"dateUpdated": "2026-07-13T23:45:09.804Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-15621 (GCVE-0-2026-15621)
Vulnerability from cvelistv5 – Published: 2026-07-14 00:45 – Updated: 2026-07-14 00:45
VLAI
EPSS
VEX
Title
mosaxiv clawlet File Tools fs_ops.go edit_file link following
Summary
A vulnerability was detected in mosaxiv clawlet up to 0.2.10. This impacts the function read_file/write_file/edit_file of the file tools/fs_ops.go of the component File Tools. Performing a manipulation results in link following. The attack needs to be approached locally. The reported GitHub issue was closed with the label "not planned".
Severity
CWE
- CWE-59 - Link Following
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/378124 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/378124/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-15621 | third-party-advisory |
| https://vuldb.com/submit/855796 | third-party-advisory |
| https://github.com/mosaxiv/clawlet/issues/15 | issue-tracking |
| https://github.com/mosaxiv/clawlet/ | product |
Impacted products
Credits
{
"containers": {
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:mosaxiv:clawlet:*:*:*:*:*:*:*:*"
],
"modules": [
"File Tools"
],
"product": "clawlet",
"vendor": "mosaxiv",
"versions": [
{
"status": "affected",
"version": "0.2.0"
},
{
"status": "affected",
"version": "0.2.1"
},
{
"status": "affected",
"version": "0.2.2"
},
{
"status": "affected",
"version": "0.2.3"
},
{
"status": "affected",
"version": "0.2.4"
},
{
"status": "affected",
"version": "0.2.5"
},
{
"status": "affected",
"version": "0.2.6"
},
{
"status": "affected",
"version": "0.2.7"
},
{
"status": "affected",
"version": "0.2.8"
},
{
"status": "affected",
"version": "0.2.9"
},
{
"status": "affected",
"version": "0.2.10"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Eric-b (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was detected in mosaxiv clawlet up to 0.2.10. This impacts the function read_file/write_file/edit_file of the file tools/fs_ops.go of the component File Tools. Performing a manipulation results in link following. The attack needs to be approached locally. The reported GitHub issue was closed with the label \"not planned\"."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4.3,
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:ND/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "Link Following",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-14T00:45:11.699Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-378124 | mosaxiv clawlet File Tools fs_ops.go edit_file link following",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/378124"
},
{
"name": "VDB-378124 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/378124/cti"
},
{
"name": "CVE-2026-15621 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-15621"
},
{
"name": "Submit #855796 | mosaxiv clawlet 0.2.10 Improper Link Resolution Before File Access (CWE-59)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/855796"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/mosaxiv/clawlet/issues/15"
},
{
"tags": [
"product"
],
"url": "https://github.com/mosaxiv/clawlet/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-07-13T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-07-13T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-07-13T19:02:53.000Z",
"value": "VulDB entry last update"
}
],
"title": "mosaxiv clawlet File Tools fs_ops.go edit_file link following"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-15621",
"datePublished": "2026-07-14T00:45:11.699Z",
"dateReserved": "2026-07-13T16:57:41.446Z",
"dateUpdated": "2026-07-14T00:45:11.699Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-15620 (GCVE-0-2026-15620)
Vulnerability from cvelistv5 – Published: 2026-07-14 00:15 – Updated: 2026-07-14 00:15
VLAI
EPSS
VEX
Title
mosaxiv clawlet tool_web_fetch.go tools.webFetch server-side request forgery
Summary
A security vulnerability has been detected in mosaxiv clawlet up to 0.2.10. This affects the function tools.webFetch of the file tools/tool_web_fetch.go. Such manipulation leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. The reported GitHub issue was closed with the label "not planned".
Severity
CWE
- CWE-918 - Server-Side Request Forgery
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/378123 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/378123/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-15620 | third-party-advisory |
| https://vuldb.com/submit/855795 | third-party-advisory |
| https://github.com/mosaxiv/clawlet/issues/14 | exploitissue-tracking |
| https://github.com/mosaxiv/clawlet/ | product |
Impacted products
Credits
{
"containers": {
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:mosaxiv:clawlet:*:*:*:*:*:*:*:*"
],
"product": "clawlet",
"vendor": "mosaxiv",
"versions": [
{
"status": "affected",
"version": "0.2.0"
},
{
"status": "affected",
"version": "0.2.1"
},
{
"status": "affected",
"version": "0.2.2"
},
{
"status": "affected",
"version": "0.2.3"
},
{
"status": "affected",
"version": "0.2.4"
},
{
"status": "affected",
"version": "0.2.5"
},
{
"status": "affected",
"version": "0.2.6"
},
{
"status": "affected",
"version": "0.2.7"
},
{
"status": "affected",
"version": "0.2.8"
},
{
"status": "affected",
"version": "0.2.9"
},
{
"status": "affected",
"version": "0.2.10"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Eric-b (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability has been detected in mosaxiv clawlet up to 0.2.10. This affects the function tools.webFetch of the file tools/tool_web_fetch.go. Such manipulation leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. The reported GitHub issue was closed with the label \"not planned\"."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "Server-Side Request Forgery",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-14T00:15:08.152Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-378123 | mosaxiv clawlet tool_web_fetch.go tools.webFetch server-side request forgery",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/378123"
},
{
"name": "VDB-378123 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/378123/cti"
},
{
"name": "CVE-2026-15620 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-15620"
},
{
"name": "Submit #855795 | mosaxiv clawlet 0.2.10 Server-Side Request Forgery (SSRF) (CWE-918)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/855795"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/mosaxiv/clawlet/issues/14"
},
{
"tags": [
"product"
],
"url": "https://github.com/mosaxiv/clawlet/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-07-13T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-07-13T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-07-13T19:02:51.000Z",
"value": "VulDB entry last update"
}
],
"title": "mosaxiv clawlet tool_web_fetch.go tools.webFetch server-side request forgery"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-15620",
"datePublished": "2026-07-14T00:15:08.152Z",
"dateReserved": "2026-07-13T16:57:38.543Z",
"dateUpdated": "2026-07-14T00:15:08.152Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-15619 (GCVE-0-2026-15619)
Vulnerability from cvelistv5 – Published: 2026-07-14 00:00 – Updated: 2026-07-14 00:00
VLAI
EPSS
VEX
Title
mosaxiv clawlet IPv4 tool_web_fetch.go web_fetch server-side request forgery
Summary
A weakness has been identified in mosaxiv clawlet up to 0.2.10. The impacted element is the function web_fetch of the file tools/tool_web_fetch.go of the component IPv4 Handler. This manipulation of the argument url causes server-side request forgery. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. The reported GitHub issue was closed with the label "not planned".
Severity
CWE
- CWE-918 - Server-Side Request Forgery
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/378122 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/378122/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-15619 | third-party-advisory |
| https://vuldb.com/submit/855793 | third-party-advisory |
| https://github.com/mosaxiv/clawlet/issues/13 | exploitissue-tracking |
| https://github.com/mosaxiv/clawlet/ | product |
Impacted products
Credits
{
"containers": {
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:mosaxiv:clawlet:*:*:*:*:*:*:*:*"
],
"modules": [
"IPv4 Handler"
],
"product": "clawlet",
"vendor": "mosaxiv",
"versions": [
{
"status": "affected",
"version": "0.2.0"
},
{
"status": "affected",
"version": "0.2.1"
},
{
"status": "affected",
"version": "0.2.2"
},
{
"status": "affected",
"version": "0.2.3"
},
{
"status": "affected",
"version": "0.2.4"
},
{
"status": "affected",
"version": "0.2.5"
},
{
"status": "affected",
"version": "0.2.6"
},
{
"status": "affected",
"version": "0.2.7"
},
{
"status": "affected",
"version": "0.2.8"
},
{
"status": "affected",
"version": "0.2.9"
},
{
"status": "affected",
"version": "0.2.10"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Eric-b (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A weakness has been identified in mosaxiv clawlet up to 0.2.10. The impacted element is the function web_fetch of the file tools/tool_web_fetch.go of the component IPv4 Handler. This manipulation of the argument url causes server-side request forgery. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. The reported GitHub issue was closed with the label \"not planned\"."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "Server-Side Request Forgery",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-14T00:00:12.931Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-378122 | mosaxiv clawlet IPv4 tool_web_fetch.go web_fetch server-side request forgery",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/378122"
},
{
"name": "VDB-378122 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/378122/cti"
},
{
"name": "CVE-2026-15619 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-15619"
},
{
"name": "Submit #855793 | mosaxiv clawlet 0.2.10 Server-Side Request Forgery (SSRF) (CWE-918)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/855793"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/mosaxiv/clawlet/issues/13"
},
{
"tags": [
"product"
],
"url": "https://github.com/mosaxiv/clawlet/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-07-13T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-07-13T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-07-13T19:02:49.000Z",
"value": "VulDB entry last update"
}
],
"title": "mosaxiv clawlet IPv4 tool_web_fetch.go web_fetch server-side request forgery"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-15619",
"datePublished": "2026-07-14T00:00:12.931Z",
"dateReserved": "2026-07-13T16:57:35.760Z",
"dateUpdated": "2026-07-14T00:00:12.931Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-15618 (GCVE-0-2026-15618)
Vulnerability from cvelistv5 – Published: 2026-07-13 23:45 – Updated: 2026-07-13 23:45
VLAI
EPSS
VEX
Title
mosaxiv clawlet exec Safety Guard tool_exec.go guardExecCommand protection mechanism
Summary
A security flaw has been discovered in mosaxiv clawlet up to 0.2.10. The affected element is the function guardExecCommand of the file tools/tool_exec.go of the component exec Safety Guard. The manipulation results in protection mechanism failure. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks. The reported GitHub issue was closed with the label "not planned".
Severity
CWE
- CWE-693 - Protection Mechanism Failure
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/378121 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/378121/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-15618 | third-party-advisory |
| https://vuldb.com/submit/855792 | third-party-advisory |
| https://github.com/mosaxiv/clawlet/issues/12 | exploitissue-tracking |
| https://github.com/mosaxiv/clawlet/ | product |
Impacted products
Credits
{
"containers": {
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:mosaxiv:clawlet:*:*:*:*:*:*:*:*"
],
"modules": [
"exec Safety Guard"
],
"product": "clawlet",
"vendor": "mosaxiv",
"versions": [
{
"status": "affected",
"version": "0.2.0"
},
{
"status": "affected",
"version": "0.2.1"
},
{
"status": "affected",
"version": "0.2.2"
},
{
"status": "affected",
"version": "0.2.3"
},
{
"status": "affected",
"version": "0.2.4"
},
{
"status": "affected",
"version": "0.2.5"
},
{
"status": "affected",
"version": "0.2.6"
},
{
"status": "affected",
"version": "0.2.7"
},
{
"status": "affected",
"version": "0.2.8"
},
{
"status": "affected",
"version": "0.2.9"
},
{
"status": "affected",
"version": "0.2.10"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Eric-b (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security flaw has been discovered in mosaxiv clawlet up to 0.2.10. The affected element is the function guardExecCommand of the file tools/tool_exec.go of the component exec Safety Guard. The manipulation results in protection mechanism failure. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks. The reported GitHub issue was closed with the label \"not planned\"."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-693",
"description": "Protection Mechanism Failure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-13T23:45:09.804Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-378121 | mosaxiv clawlet exec Safety Guard tool_exec.go guardExecCommand protection mechanism",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/378121"
},
{
"name": "VDB-378121 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/378121/cti"
},
{
"name": "CVE-2026-15618 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-15618"
},
{
"name": "Submit #855792 | mosaxiv clawlet 0.2.10 Protection Mechanism Failure (CWE-693)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/855792"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/mosaxiv/clawlet/issues/12"
},
{
"tags": [
"product"
],
"url": "https://github.com/mosaxiv/clawlet/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-07-13T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-07-13T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-07-13T19:02:46.000Z",
"value": "VulDB entry last update"
}
],
"title": "mosaxiv clawlet exec Safety Guard tool_exec.go guardExecCommand protection mechanism"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-15618",
"datePublished": "2026-07-13T23:45:09.804Z",
"dateReserved": "2026-07-13T16:57:32.960Z",
"dateUpdated": "2026-07-13T23:45:09.804Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}