PatchSiren cyber security CVE debrief
CVE-2026-15620 mosaxiv CVE debrief
A security vulnerability has been detected in mosaxiv clawlet up to 0.2.10. This affects the function tools.webFetch of the file tools/tool_web_fetch.go. Such manipulation leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. The reported GitHub issue was closed with the label 'not planned'. This vulnerability impacts users of mosaxiv clawlet up to 0.2.10, who should take necessary precautions to mitigate the risk.
- Vendor
- mosaxiv
- Product
- clawlet
- CVSS
- LOW 2.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-14
- Original CVE updated
- 2026-07-14
- Advisory published
- 2026-07-14
- Advisory updated
- 2026-07-14
Who should care
Users of mosaxiv clawlet up to 0.2.10 should be aware of this server-side request forgery vulnerability and take necessary precautions. This includes verifying affected deployments, reviewing official advisories, and applying vendor remediation if available. Additionally, users should implement compensating controls to detect and prevent server-side request forgery attacks and monitor for suspicious activity.
Technical summary
The vulnerability is located in the tools.webFetch function of the tools/tool_web_fetch.go file in mosaxiv clawlet up to 0.2.10. This function is susceptible to server-side request forgery attacks, which can be launched remotely. The vulnerability allows attackers to manipulate the webFetch function to make unauthorized requests on behalf of the vulnerable system. Users of affected versions should apply vendor remediation if available and implement compensating controls to detect and prevent such attacks.
Defensive priority
Low
Recommended defensive actions
- Inventory and verify affected mosaxiv clawlet installations
- Apply vendor remediation if available
- Implement compensating controls to detect and prevent server-side request forgery attacks
- Monitor for suspicious activity
- Review relevant monitoring, detection, and logs for exposed assets that need extra review
- Track exceptions, retest remediated assets, and close the item only after evidence is documented
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up
Evidence notes
The reported GitHub issue was closed with the label 'not planned'. The CVE record was published on 2026-07-14T01:16:16.867Z and has not been modified since then. The vulnerability was detected in mosaxiv clawlet up to 0.2.10, affecting the function tools.webFetch of the file tools/tool_web_fetch.go, leading to server-side request forgery. The attack can be launched remotely. Users should verify affected deployments and review official advisories for guidance.
Official resources
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-14T01:16:16.867Z and has not been modified since then.