A vulnerability identified as critical has been detected in mosaxiv clawlet up to 0.2.10. The impacted element is the function
web_fetch of the file tools/tool_web_fetch.go of the component IPv4 Handler. This manipulation of the argument url causes server-side request forgery.
This vulnerability is handled as CVE-2026-15619. The attack can be initiated remotely. Additionally, an exploit exists.
The reported GitHub issue was closed with the label “not planned”.