PatchSiren cyber security CVE debrief
CVE-2026-15621 mosaxiv CVE debrief
A vulnerability was detected in mosaxiv clawlet up to 0.2.10. This impacts the function read_file/write_file/edit_file of the file tools/fs_ops.go of the component File Tools. Performing a manipulation results in link following. The attack needs to be approached locally. The reported GitHub issue was closed with the label 'not planned'. Users of mosaxiv clawlet up to 0.2.10 should review the vulnerability details and apply patches as necessary. The vulnerability is located in the file tools/fs_ops.go of the component File Tools in mosaxiv clawlet up to 0.2.10.
- Vendor
- mosaxiv
- Product
- clawlet
- CVSS
- MEDIUM 4.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-14
- Original CVE updated
- 2026-07-14
- Advisory published
- 2026-07-14
- Advisory updated
- 2026-07-14
Who should care
Users of mosaxiv clawlet up to 0.2.10 should review and apply patches as necessary. The vulnerability is located in the file tools/fs_ops.go of the component File Tools in mosaxiv clawlet up to 0.2.10. The functions read_file, write_file, and edit_file are impacted, allowing for link following attacks that require local access.
Technical summary
The vulnerability is located in the file tools/fs_ops.go of the component File Tools in mosaxiv clawlet up to 0.2.10. The functions read_file, write_file, and edit_file are impacted, allowing for link following attacks that require local access. Users of mosaxiv clawlet up to 0.2.10 should review and apply patches as necessary. The attack needs to be approached locally. Additional review of local access controls and monitoring for suspicious activity is recommended to mitigate potential impacts. It is crucial to verify the affected scope and apply compensating controls where necessary. Reviewing the official advisory or CVE record can help validate severity and vendor guidance.
Defensive priority
Medium priority due to local attack vector and potential for link following attacks. Users of mosaxiv clawlet up to 0.2.10 should review the vulnerability details and apply patches as necessary.
Recommended defensive actions
- Review and apply patches for mosaxiv clawlet up to 0.2.10
- Implement compensating controls for local access
- Monitor for suspicious local activity
- Review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance
- Plan vendor-supported updates or mitigations through normal change control where exposure is confirmed
- Check relevant monitoring, detection, and logs for exposed assets that need extra review
Evidence notes
The CVE record was published on 2026-07-14T01:16:17.033Z and has not been modified since then. The NVD entry is currently Received. The vulnerability was detected in mosaxiv clawlet up to 0.2.10. This impacts the function read_file/write_file/edit_file of the file tools/fs_ops.go of the component File Tools. Performing a manipulation results in link following. The attack needs to be approached locally. The reported GitHub issue was closed with the label 'not planned'.
Official resources
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-14T01:16:17.033Z and has not been modified since then.