Zevorn rt-claw Swarm RPC Receiver Incorrect Authorization Vulnerability

Vulnerability

An authorization bypass vulnerability has been identified in the Zevorn rt-claw application, specifically in versions up to 0.2.0. The issue resides in the Swarm RPC Receiver component, within the handle_rpc_request function of the file claw/services/swarm/swarm.c. This vulnerability allows remote invocation of tools marked as local-only, bypassing intended authorization checks. The flaw has been publicly disclosed and is present in unreleased commits after v0.2.0, including the verified vulnerable commit 36d128f72afa0b9d40a21bcd6069b0c193a58f82.

Impact

Exploitation of this vulnerability allows for unauthorized remote invocation of local-only tools, with the verified impact including the persistence of attacker-controlled data into the application's long-term memory, influencing future AI interactions.

Reproduction

The vulnerability can be reproduced by sending a crafted UDP packet to the rt-claw Swarm RPC receiver on port 5300. This can be done using Python scripts that automate the process of forging the RPC request to invoke local-only tools.

Added: Jul 18, 2026, 4:24 PM
Updated: Jul 18, 2026, 4:24 PM

Vulnerability Rating

Custom Algorithm
spread
0.0
impact
5.0
exploitability
8.7
remediation
0.0
relevance
10.0
threat
6.4
urgency
2.9
incentive
4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.