A vulnerability has been found in zevorn rt-claw up to 0.2.0 and classified as critical. This affects the function tool_run_script_execute of the file claw/services/tools/script.c of the component Telegram-to-AI Tool Execution Flow. Performing a manipulation results in code injection.

This vulnerability is cataloged as CVE-2026-16204. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

The project was informed of the problem early through an issue report but has not responded yet.