CVE-2026-16200
zevorn · rt-claw
An improper authorization vulnerability in the zevorn rt-claw RPC handler allows unauthenticated remote attackers to manipulate system tools and gain elevated privileges.
Executive summary
An improper authorization flaw in the zevorn rt-claw RPC handler, currently without an official patch, exposes systems to privilege escalation and unauthorized manipulation.
Vulnerability
This vulnerability, classified as CWE-863, exists in the claw_tool_invoke function within the claw/services/swarm/swarm.c file. It allows unauthenticated attackers to perform unauthorized actions by manipulating RPC data, leading to a compromise of confidentiality, integrity, and availability.
Business impact
With a CVSS score of 7.3, this vulnerability represents a significant risk to the security posture of systems utilizing rt-claw. An attacker can leverage this flaw to gain unauthorized control over system services, which may lead to data exfiltration or the disruption of critical operations, as there is currently no official vendor patch available.
Remediation
Immediate Action: Since no official patch exists, restrict network access to the affected RPC interface using firewall rules to ensure only trusted internal entities can reach the service.
Proactive Monitoring: Monitor system logs for anomalous RPC invocations or unexpected changes in service state that deviate from standard operational patterns.
Compensating Controls: Implement strict network segmentation to isolate the rt-claw service from external and untrusted internal networks until a formal fix is released.
Exploitation status
Public Exploit Available: Yes (referenced in public vulnerability databases)
Analyst recommendation
Given the availability of a public exploit and the absence of a vendor-provided patch, organizations must treat this vulnerability with extreme urgency. Immediate network isolation is required to prevent unauthorized access until the vendor addresses the flaw in the underlying codebase.