CVE-2026-16125

zevorn · rt-claw

A Server-Side Request Forgery vulnerability exists in zevorn rt-claw, allowing unauthenticated attackers to potentially perform unauthorized requests.

Executive summary

An unauthenticated Server-Side Request Forgery vulnerability in zevorn rt-claw poses a significant risk of unauthorized internal network interaction.

Vulnerability

This vulnerability is a Server-Side Request Forgery (CWE-918) flaw that allows an attacker to manipulate server-side requests. The CVSS vector confirms that the attack requires no authentication (PR:N) and no user interaction (UI:N), making the service highly exposed.

Business impact

Successful exploitation allows an attacker to force the server to send requests to arbitrary destinations, which can be used to scan internal networks, bypass firewall restrictions, or interact with internal services that are otherwise unreachable from the internet. Given the CVSS score of 7.3, this represents a high-severity risk that could lead to unauthorized data access or the exposure of sensitive internal infrastructure.

Remediation

Immediate Action: Monitor the vendor repository for the release of a security patch and apply it immediately upon availability.

Proactive Monitoring: Review web server and application logs for suspicious outbound requests originating from the server, specifically targeting internal IP addresses or unusual domains.

Compensating Controls: Implement strict egress filtering on the server to restrict outbound connections only to necessary and trusted endpoints, effectively neutralizing the impact of SSRF.

Exploitation status

Public Exploit Available: Unknown

Analyst recommendation

Organizations utilizing zevorn rt-claw should prioritize identifying all instances of this software within their environment. Given the high-severity nature of SSRF, restricting outbound network traffic from the host is an essential immediate step until a formal vendor patch is verified and applied.