CVE-2026-16200

zevorn · rt-claw

An improper authorization vulnerability in the zevorn rt-claw RPC handler allows unauthenticated remote attackers to manipulate system tools and gain elevated privileges.

Executive summary

An improper authorization flaw in the zevorn rt-claw RPC handler, currently without an official patch, exposes systems to privilege escalation and unauthorized manipulation.

Vulnerability

This vulnerability, classified as CWE-863, exists in the claw_tool_invoke function within the claw/services/swarm/swarm.c file. It allows unauthenticated attackers to perform unauthorized actions by manipulating RPC data, leading to a compromise of confidentiality, integrity, and availability.

Business impact

With a CVSS score of 7.3, this vulnerability represents a significant risk to the security posture of systems utilizing rt-claw. An attacker can leverage this flaw to gain unauthorized control over system services, which may lead to data exfiltration or the disruption of critical operations, as there is currently no official vendor patch available.

Remediation

Immediate Action: Since no official patch exists, restrict network access to the affected RPC interface using firewall rules to ensure only trusted internal entities can reach the service.

Proactive Monitoring: Monitor system logs for anomalous RPC invocations or unexpected changes in service state that deviate from standard operational patterns.

Compensating Controls: Implement strict network segmentation to isolate the rt-claw service from external and untrusted internal networks until a formal fix is released.

Exploitation status

Public Exploit Available: Yes (referenced in public vulnerability databases)

Analyst recommendation

Given the availability of a public exploit and the absence of a vendor-provided patch, organizations must treat this vulnerability with extreme urgency. Immediate network isolation is required to prevent unauthorized access until the vendor addresses the flaw in the underlying codebase.