PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-15621 mosaxiv CVE debrief

A vulnerability was detected in mosaxiv clawlet up to 0.2.10. This impacts the function read_file/write_file/edit_file of the file tools/fs_ops.go of the component File Tools. Performing a manipulation results in link following. The attack needs to be approached locally. The reported GitHub issue was closed with the label 'not planned'. Users of mosaxiv clawlet up to 0.2.10 should review the vulnerability details and apply patches as necessary. The vulnerability is located in the file tools/fs_ops.go of the component File Tools in mosaxiv clawlet up to 0.2.10.

Vendor
mosaxiv
Product
clawlet
CVSS
MEDIUM 4.8
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-14
Original CVE updated
2026-07-14
Advisory published
2026-07-14
Advisory updated
2026-07-14

Who should care

Users of mosaxiv clawlet up to 0.2.10 should review and apply patches as necessary. The vulnerability is located in the file tools/fs_ops.go of the component File Tools in mosaxiv clawlet up to 0.2.10. The functions read_file, write_file, and edit_file are impacted, allowing for link following attacks that require local access.

Technical summary

The vulnerability is located in the file tools/fs_ops.go of the component File Tools in mosaxiv clawlet up to 0.2.10. The functions read_file, write_file, and edit_file are impacted, allowing for link following attacks that require local access. Users of mosaxiv clawlet up to 0.2.10 should review and apply patches as necessary. The attack needs to be approached locally. Additional review of local access controls and monitoring for suspicious activity is recommended to mitigate potential impacts. It is crucial to verify the affected scope and apply compensating controls where necessary. Reviewing the official advisory or CVE record can help validate severity and vendor guidance.

Defensive priority

Medium priority due to local attack vector and potential for link following attacks. Users of mosaxiv clawlet up to 0.2.10 should review the vulnerability details and apply patches as necessary.

Recommended defensive actions

  • Review and apply patches for mosaxiv clawlet up to 0.2.10
  • Implement compensating controls for local access
  • Monitor for suspicious local activity
  • Review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance
  • Plan vendor-supported updates or mitigations through normal change control where exposure is confirmed
  • Check relevant monitoring, detection, and logs for exposed assets that need extra review

Evidence notes

The CVE record was published on 2026-07-14T01:16:17.033Z and has not been modified since then. The NVD entry is currently Received. The vulnerability was detected in mosaxiv clawlet up to 0.2.10. This impacts the function read_file/write_file/edit_file of the file tools/fs_ops.go of the component File Tools. Performing a manipulation results in link following. The attack needs to be approached locally. The reported GitHub issue was closed with the label 'not planned'.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-14T01:16:17.033Z and has not been modified since then.