PatchSiren cyber security CVE debrief
CVE-2026-16130 nearai CVE debrief
A vulnerability was identified in nearai ironclaw up to 0.29.1, affecting the function validate_path of the file src/tools/builtin/path_utils.rs of the component write_file, leading to link following. This issue requires local access to approach the attack. The exploit is publicly available and might be used. The identifier of the patch is 369ff3d240cf3c0787b50e1e9f182e1a06c71255. It is recommended to apply a patch to fix this issue. The vulnerability has a CVSS score of 1.9 and a severity of LOW.
- Vendor
- nearai
- Product
- ironclaw
- CVSS
- LOW 1.9
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-18
- Original CVE updated
- 2026-07-18
- Advisory published
- 2026-07-18
- Advisory updated
- 2026-07-18
Who should care
Users of nearai ironclaw up to 0.29.1 should apply a patch to fix this issue. The vulnerability has a CVSS score of 1.9 and a severity of LOW. Affected operators, platforms, vulnerability-management, and security teams should review and update their systems to prevent link following issues.
Technical summary
The vulnerability is caused by a link following issue in the validate_path function of the path_utils.rs file in the write_file component of nearai ironclaw up to 0.29.1. The exploit is publicly available and might be used. The identifier of the patch is 369ff3d240cf3c0787b50e1e9f182e1a06c71255. Users of nearai ironclaw up to 0.29.1 should apply a patch to fix this issue. The vulnerability has a CVSS score of 1.9 and a severity of LOW.
Defensive priority
Apply a patch to fix this issue. Review and update the validate_path function in the path_utils.rs file to prevent link following issues. Monitor for publicly available exploits and take necessary precautions.
Recommended defensive actions
- Apply the patch 369ff3d240cf3c0787b50e1e9f182e1a06c71255 to fix this issue.
- Review and update the validate_path function in the path_utils.rs file to prevent link following issues.
- Monitor for publicly available exploits and take necessary precautions.
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up.
- Review compensating controls for exposed systems while remediation is scheduled and verified.
- Check relevant monitoring, detection, and logs for exposed assets that need extra review.
- Track exceptions, retest remediated assets, and close the item only after evidence is documented.
Evidence notes
The CVE record was published on 2026-07-18T18:16:37.430Z and has not been modified since then. The NVD entry is currently Received. The vulnerability is identified in nearai ironclaw up to 0.29.1, affecting the function validate_path of the file src/tools/builtin/path_utils.rs of the component write_file, leading to link following. Local access is required to approach this attack. The exploit is publicly available and might be used. The identifier of the patch is 369ff3d240cf3c0787b50e1e9f182e1a06c71255. Users should verify the affected scope and apply necessary precautions.
Official resources
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-18T18:16:37.430Z and has not been modified since then. The NVD entry is currently Received.