{"api_version":"1","generated_at":"2026-07-14T19:10:40+00:00","cve":"CVE-2026-15618","urls":{"html":"https://cve.report/CVE-2026-15618","api":"https://cve.report/api/cve/CVE-2026-15618.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-15618","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-15618"},"summary":{"title":"mosaxiv clawlet exec Safety Guard tool_exec.go guardExecCommand protection mechanism","description":"A security flaw has been discovered in mosaxiv clawlet up to 0.2.10. The affected element is the function guardExecCommand of the file tools/tool_exec.go of the component exec Safety Guard. The manipulation results in protection mechanism failure. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks. The reported GitHub issue was closed with the label \"not planned\".","state":"PUBLISHED","assigner":"VulDB","published_at":"2026-07-14 00:16:18","updated_at":"2026-07-14 15:26:24"},"problem_types":["CWE-693","CWE-693 Protection Mechanism Failure"],"metrics":[{"version":"4.0","source":"cna@vuldb.com","type":"Secondary","score":"2.1","severity":"LOW","vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","data":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}},{"version":"4.0","source":"CNA","type":"DECLARED","score":"5.3","severity":"MEDIUM","vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P","data":{"baseScore":5.3,"baseSeverity":"MEDIUM","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P","version":"4.0"}},{"version":"3.1","source":"cna@vuldb.com","type":"Secondary","score":"6.3","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"}},{"version":"3.1","source":"CNA","type":"DECLARED","score":"6.3","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R","data":{"baseScore":6.3,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R","version":"3.1"}},{"version":"3.0","source":"CNA","type":"DECLARED","score":"6.3","severity":"MEDIUM","vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R","data":{"baseScore":6.3,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R","version":"3.0"}},{"version":"2.0","source":"cna@vuldb.com","type":"Secondary","score":"7.5","severity":"","vector":"AV:N/AC:L/Au:N/C:P/I:P/A:P","data":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"}},{"version":"2.0","source":"CNA","type":"DECLARED","score":"7.5","severity":"","vector":"AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR","data":{"baseScore":7.5,"vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR","version":"2.0"}}],"references":[{"url":"https://vuldb.com/submit/855792","name":"https://vuldb.com/submit/855792","refsource":"cna@vuldb.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://vuldb.com/vuln/378121","name":"https://vuldb.com/vuln/378121","refsource":"cna@vuldb.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://github.com/mosaxiv/clawlet/issues/12","name":"https://github.com/mosaxiv/clawlet/issues/12","refsource":"cna@vuldb.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://vuldb.com/vuln/378121/cti","name":"https://vuldb.com/vuln/378121/cti","refsource":"cna@vuldb.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://vuldb.com/cve/CVE-2026-15618","name":"https://vuldb.com/cve/CVE-2026-15618","refsource":"cna@vuldb.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://github.com/mosaxiv/clawlet/","name":"https://github.com/mosaxiv/clawlet/","refsource":"cna@vuldb.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-15618","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-15618","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"mosaxiv","product":"clawlet","version":"affected 0.2.0","platforms":[]},{"source":"CNA","vendor":"mosaxiv","product":"clawlet","version":"affected 0.2.1","platforms":[]},{"source":"CNA","vendor":"mosaxiv","product":"clawlet","version":"affected 0.2.2","platforms":[]},{"source":"CNA","vendor":"mosaxiv","product":"clawlet","version":"affected 0.2.3","platforms":[]},{"source":"CNA","vendor":"mosaxiv","product":"clawlet","version":"affected 0.2.4","platforms":[]},{"source":"CNA","vendor":"mosaxiv","product":"clawlet","version":"affected 0.2.5","platforms":[]},{"source":"CNA","vendor":"mosaxiv","product":"clawlet","version":"affected 0.2.6","platforms":[]},{"source":"CNA","vendor":"mosaxiv","product":"clawlet","version":"affected 0.2.7","platforms":[]},{"source":"CNA","vendor":"mosaxiv","product":"clawlet","version":"affected 0.2.8","platforms":[]},{"source":"CNA","vendor":"mosaxiv","product":"clawlet","version":"affected 0.2.9","platforms":[]},{"source":"CNA","vendor":"mosaxiv","product":"clawlet","version":"affected 0.2.10","platforms":[]}],"timeline":[{"source":"CNA","time":"2026-07-13T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"source":"CNA","time":"2026-07-13T02:00:00.000Z","lang":"en","value":"VulDB entry created"},{"source":"CNA","time":"2026-07-13T19:02:46.000Z","lang":"en","value":"VulDB entry last update"}],"solutions":[],"workarounds":[],"exploits":[],"credits":[{"source":"CNA","value":"Eric-b (VulDB User)","lang":"en"},{"source":"CNA","value":"VulDB CNA Team","lang":"en"}],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2026-15618","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2026-07-14T12:47:29.774644Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2026-07-14T12:47:41.268Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"cpes":["cpe:2.3:a:mosaxiv:clawlet:*:*:*:*:*:*:*:*"],"modules":["exec Safety Guard"],"product":"clawlet","vendor":"mosaxiv","versions":[{"status":"affected","version":"0.2.0"},{"status":"affected","version":"0.2.1"},{"status":"affected","version":"0.2.2"},{"status":"affected","version":"0.2.3"},{"status":"affected","version":"0.2.4"},{"status":"affected","version":"0.2.5"},{"status":"affected","version":"0.2.6"},{"status":"affected","version":"0.2.7"},{"status":"affected","version":"0.2.8"},{"status":"affected","version":"0.2.9"},{"status":"affected","version":"0.2.10"}]}],"credits":[{"lang":"en","type":"reporter","value":"Eric-b (VulDB User)"},{"lang":"en","type":"coordinator","value":"VulDB CNA Team"}],"descriptions":[{"lang":"en","value":"A security flaw has been discovered in mosaxiv clawlet up to 0.2.10. The affected element is the function guardExecCommand of the file tools/tool_exec.go of the component exec Safety Guard. The manipulation results in protection mechanism failure. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks. The reported GitHub issue was closed with the label \"not planned\"."}],"metrics":[{"cvssV4_0":{"baseScore":5.3,"baseSeverity":"MEDIUM","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P","version":"4.0"}},{"cvssV3_1":{"baseScore":6.3,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R","version":"3.1"}},{"cvssV3_0":{"baseScore":6.3,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R","version":"3.0"}},{"cvssV2_0":{"baseScore":7.5,"vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR","version":"2.0"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-693","description":"Protection Mechanism Failure","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-07-13T23:45:09.804Z","orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB"},"references":[{"name":"VDB-378121 | mosaxiv clawlet exec Safety Guard tool_exec.go guardExecCommand protection mechanism","tags":["vdb-entry","technical-description"],"url":"https://vuldb.com/vuln/378121"},{"name":"VDB-378121 | CTI Indicators (IOB, IOC, IOA)","tags":["signature","permissions-required"],"url":"https://vuldb.com/vuln/378121/cti"},{"name":"CVE-2026-15618 | CVE Analysis and Report","tags":["third-party-advisory"],"url":"https://vuldb.com/cve/CVE-2026-15618"},{"name":"Submit #855792 | mosaxiv clawlet 0.2.10 Protection Mechanism Failure (CWE-693)","tags":["third-party-advisory"],"url":"https://vuldb.com/submit/855792"},{"tags":["exploit","issue-tracking"],"url":"https://github.com/mosaxiv/clawlet/issues/12"},{"tags":["product"],"url":"https://github.com/mosaxiv/clawlet/"}],"timeline":[{"lang":"en","time":"2026-07-13T00:00:00.000Z","value":"Advisory disclosed"},{"lang":"en","time":"2026-07-13T02:00:00.000Z","value":"VulDB entry created"},{"lang":"en","time":"2026-07-13T19:02:46.000Z","value":"VulDB entry last update"}],"title":"mosaxiv clawlet exec Safety Guard tool_exec.go guardExecCommand protection mechanism"}},"cveMetadata":{"assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","assignerShortName":"VulDB","cveId":"CVE-2026-15618","datePublished":"2026-07-13T23:45:09.804Z","dateReserved":"2026-07-13T16:57:32.960Z","dateUpdated":"2026-07-14T12:47:41.268Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-07-14 00:16:18","lastModifiedDate":"2026-07-14 15:26:24","problem_types":["CWE-693","CWE-693 Protection Mechanism Failure"],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-14T12:47:29.774644Z","id":"CVE-2026-15618","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"15618","Ordinal":"1","Title":"mosaxiv clawlet exec Safety Guard tool_exec.go guardExecCommand ","CVE":"CVE-2026-15618","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"15618","Ordinal":"1","NoteData":"A security flaw has been discovered in mosaxiv clawlet up to 0.2.10. The affected element is the function guardExecCommand of the file tools/tool_exec.go of the component exec Safety Guard. The manipulation results in protection mechanism failure. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks. The reported GitHub issue was closed with the label \"not planned\".","Type":"Description","Title":"mosaxiv clawlet exec Safety Guard tool_exec.go guardExecCommand "}]}}}