CVE-2026-15619 in clawletinfo

Summary

by MITRE • 07/14/2026

A weakness has been identified in mosaxiv clawlet up to 0.2.10. The impacted element is the function web_fetch of the file tools/tool_web_fetch.go of the component IPv4 Handler. This manipulation of the argument url causes server-side request forgery. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. The reported GitHub issue was closed with the label "not planned".

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Analysis

by VulDB Data Team • 07/14/2026

The vulnerability identified in mosaxiv clawlet version 0.2.10 represents a critical server-side request forgery weakness that stems from improper input validation within the web_fetch function located in tools/tool_web_fetch.go. This flaw exists within the IPv4 Handler component and demonstrates a classic security oversight where user-supplied URL parameters are not adequately sanitized or validated before being processed by the application's network communication functions. The vulnerability allows attackers to manipulate the url argument parameter, potentially enabling them to make unauthorized requests to internal systems that would otherwise be protected by network segmentation or access controls.

The technical implementation of this weakness exposes a direct path for remote exploitation through the manipulation of URL arguments passed to the web_fetch function. When the application processes these arguments without proper validation, it creates an environment where malicious actors can construct specially crafted URLs that bypass normal security boundaries. This type of vulnerability falls under CWE-918, which specifically addresses server-side request forgery issues where applications fail to properly validate and sanitize external input sources that are used to make network requests.

The operational impact of this vulnerability extends beyond simple information disclosure or unauthorized access. Attackers can leverage this weakness to perform reconnaissance activities against internal network resources, potentially accessing sensitive systems that should remain isolated from external networks. The fact that a public exploit has been made available increases the risk profile significantly, as it eliminates the need for advanced technical skills to initiate attacks. This vulnerability could enable attackers to probe internal services, exfiltrate data through covert channels, or even establish persistence mechanisms within target environments.

The remediation approach should focus on implementing comprehensive input validation and sanitization measures for all URL parameters processed by the web_fetch function. Security controls must include strict validation of URL formats, whitelisting of approved domains, and implementation of proper network access controls that prevent outbound requests to unauthorized destinations. Organizations should also consider implementing network segmentation strategies and using proxy servers or API gateways to mediate external communications. The vulnerability's classification aligns with ATT&CK technique T1071.004 which covers application layer protocol: DNS, and the broader category of T1566 related to credential access through various attack vectors.

The closure of the reported GitHub issue with the label "not planned" represents a concerning security posture that indicates the maintainers may not prioritize addressing this vulnerability despite its public exploit availability. This decision leaves affected systems exposed to potential exploitation, particularly in environments where the mosaxiv clawlet tool is deployed. The lack of official patching or mitigation guidance from the development team increases the responsibility for downstream users to implement their own protective measures while simultaneously highlighting the importance of supply chain security and vendor accountability in maintaining secure software ecosystems.

Organizations utilizing this component should immediately conduct vulnerability assessments to identify all instances where the affected version is present and implement network-level controls that prevent outbound requests to potentially malicious destinations. The vulnerability demonstrates how seemingly simple input handling functions can create significant security risks when proper validation mechanisms are absent, emphasizing the need for comprehensive security testing throughout the software development lifecycle.

Responsible

VulDB

Disclosure

07/14/2026

Moderation

accepted

CPE

ready

Exploit

Download

EPSS

0.00000

KEV

no

Activities

low

Sources

Do you know our Splunk app?

Download it now for free!