CVE-2026-15620 in clawlet
Summary
by MITRE • 07/14/2026
A security vulnerability has been detected in mosaxiv clawlet up to 0.2.10. This affects the function tools.webFetch of the file tools/tool_web_fetch.go. Such manipulation leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. The reported GitHub issue was closed with the label "not planned".
If you want to get best quality of vulnerability data, you may have to visit VulDB.
Analysis
by VulDB Data Team • 07/14/2026
The security vulnerability identified in mosaxiv clawlet version 0.2.10 and earlier represents a critical server-side request forgery flaw that exposes the application to remote exploitation. This vulnerability resides within the tools.webFetch function located in tools/tool_web_fetch.go, which serves as a core component for web fetching operations within the application's tooling infrastructure. The flaw enables attackers to manipulate the web fetching functionality to make unauthorized requests to internal or external resources that should otherwise be protected from direct access.
The technical implementation of this vulnerability stems from insufficient input validation and sanitization within the webFetch function, allowing malicious actors to inject arbitrary URLs or request parameters that bypass normal access controls. When the application processes these manipulated inputs through the vulnerable function, it executes requests to attacker-controlled endpoints without proper authorization checks or resource isolation measures. This creates a pathway for attackers to potentially access internal systems, perform reconnaissance activities, or exfiltrate sensitive data from within the network perimeter.
The operational impact of this vulnerability extends beyond simple data exposure, as it provides attackers with the capability to conduct various malicious activities including but not limited to internal network scanning, credential harvesting, and potential lateral movement within compromised environments. The remote exploitability of this flaw means that attackers do not require physical access or network proximity to the target system, significantly increasing the attack surface and attack velocity. Given that public exploitation details have been disclosed, the vulnerability presents an immediate risk to all affected installations without proper mitigation measures in place.
Organizations utilizing mosaxiv clawlet versions 0.2.10 and earlier should implement immediate remediation strategies including updating to patched versions if available, implementing network segmentation to isolate vulnerable components, and applying input validation controls at multiple layers of the application architecture. The lack of official support for this vulnerability, as indicated by the closed GitHub issue labeled "not planned," suggests that continued use of affected versions may leave systems exposed to ongoing exploitation attempts. Implementation of proper web request filtering mechanisms, including strict URL validation, protocol restrictions, and outbound connection controls, forms essential defensive measures against this class of server-side request forgery attacks.
This vulnerability aligns with common weakness enumerations such as CWE-918, which specifically addresses server-side request forgery vulnerabilities, and maps to attack techniques documented in the ATT&CK framework under T1071.004 for application layer protocol traffic filtering. The remediation approach should incorporate security controls that address both the immediate exploitation vector and broader architectural weaknesses that may enable similar vulnerabilities throughout the application ecosystem. Organizations should also consider implementing monitoring and detection mechanisms to identify anomalous web request patterns that may indicate exploitation attempts against this or related vulnerabilities.