Description
A security flaw has been discovered in mosaxiv clawlet up to 0.2.10. The affected element is the function guardExecCommand of the file tools/tool_exec.go of the component exec Safety Guard. The manipulation results in protection mechanism failure. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks. The reported GitHub issue was closed with the label "not planned".
Problem types
Product status
0.2.1
0.2.2
0.2.3
0.2.4
0.2.5
0.2.6
0.2.7
0.2.8
0.2.9
0.2.10
Timeline
| 2026-07-13: | Advisory disclosed |
| 2026-07-13: | VulDB entry created |
| 2026-07-13: | VulDB entry last update |
Credits
Eric-b (VulDB User)
VulDB CNA Team
References
vuldb.com/vuln/378121 (VDB-378121 | mosaxiv clawlet exec Safety Guard tool_exec.go guardExecCommand protection mechanism)
vuldb.com/vuln/378121/cti (VDB-378121 | CTI Indicators (IOB, IOC, IOA))
vuldb.com/cve/CVE-2026-15618 (CVE-2026-15618 | CVE Analysis and Report)
vuldb.com/submit/855792 (Submit #855792 | mosaxiv clawlet 0.2.10 Protection Mechanism Failure (CWE-693))
github.com/mosaxiv/clawlet/issues/12
github.com/mosaxiv/clawlet/