PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-16201 zevorn CVE debrief

A vulnerability was found in zevorn rt-claw up to 0.2.0. The function claw_net_get/claw_net_post in claw/services/tools/net.c of the http_request component can result in information disclosure. The attack can be executed remotely. The exploit has been made public and could be used. The project was informed early but has not responded yet. This vulnerability affects the http_request component of zevorn rt-claw, specifically versions up to 0.2.0, and can lead to information disclosure.

Vendor
zevorn
Product
rt-claw
CVSS
MEDIUM 5.5
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-19
Original CVE updated
2026-07-19
Advisory published
2026-07-19
Advisory updated
2026-07-19

Who should care

Users of zevorn rt-claw up to 0.2.0 should assess and apply patches or mitigations. This includes operators, administrators, and security teams responsible for managing and securing zevorn rt-claw installations. The vulnerability can be exploited remotely, and the exploit has been made public, increasing the urgency for affected users to take action.

Technical summary

The vulnerability, CVE-2026-16201, affects zevorn rt-claw versions up to 0.2.0. It is located in the claw/services/tools/net.c file, specifically in the claw_net_get and claw_net_post functions of the http_request component. Successful exploitation can lead to information disclosure. The vulnerability has a CVSS score of 5.5 and a severity rating of MEDIUM. Users of zevorn rt-claw up to 0.2.0 should assess and apply patches or mitigations.

Defensive priority

Apply patches or updates for zevorn rt-claw as soon as available. Monitor for and restrict remote access to affected systems. Review compensating controls for exposed systems while remediation is scheduled and verified.

Recommended defensive actions

  • Inventory and assess zevorn rt-claw installations for version 0.2.0 or earlier.
  • Apply patches or updates for zevorn rt-claw as soon as available.
  • Monitor for and restrict remote access to affected systems.
  • Review compensating controls for exposed systems while remediation is scheduled and verified.
  • Check relevant monitoring, detection, and logs for exposed assets that need extra review.
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented.
  • Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up.

Evidence notes

The CVE record was published on 2026-07-19T01:17:02.087Z and has not been modified since then. The NVD entry is currently Received. The vulnerability affects zevorn rt-claw versions up to 0.2.0. The function claw_net_get/claw_net_post in claw/services/tools/net.c of the http_request component can result in information disclosure. The attack can be executed remotely. The exploit has been made public and could be used. The project was informed early but has not responded yet. Users of zevorn rt-claw up to 0.2.0 should assess and apply patches or mitigations. The vulnerability has a CVSS score of 5.5 and a severity rating of MEDIUM.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-19T01:17:02.087Z and has not been modified since then. The NVD entry is currently Received.