A weakness has been identified in mosaxiv clawlet up to 0.2.10. The impacted element is the function web_fetch of the file tools/tool_web_fetch.go of the component IPv4 Handler. This manipulation of the argument url causes server-side request forgery. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. The reported GitHub issue was closed with the label "not planned".
History

Tue, 14 Jul 2026 00:15:00 +0000

Type Values Removed Values Added
Description A weakness has been identified in mosaxiv clawlet up to 0.2.10. The impacted element is the function web_fetch of the file tools/tool_web_fetch.go of the component IPv4 Handler. This manipulation of the argument url causes server-side request forgery. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. The reported GitHub issue was closed with the label "not planned".
Title mosaxiv clawlet IPv4 tool_web_fetch.go web_fetch server-side request forgery
First Time appeared Mosaxiv
Mosaxiv clawlet
Weaknesses CWE-918
CPEs cpe:2.3:a:mosaxiv:clawlet:*:*:*:*:*:*:*:*
Vendors & Products Mosaxiv
Mosaxiv clawlet
References
Metrics cvssV2_0

{'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2026-07-14T00:00:12.931Z

Updated: 2026-07-14T00:00:12.931Z

Reserved: 2026-07-13T16:57:35.760Z

Link: CVE-2026-15619

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.