A vulnerability categorized as critical has been discovered in mosaxiv clawlet up to 0.2.10. Impacted is the function list/remove of the file tools/tool_cron.go of the component cron Chat Tool. The manipulation results in missing authorization.

This vulnerability was named CVE-2026-16017. The attack may be performed from remote. In addition, an exploit is available.

The reported GitHub issue was closed with the label “not planned”.