Zevorn RT-Claw Server-Side Request Forgery Vulnerability

Vulnerability

A server-side request forgery (SSRF) vulnerability has been identified in Zevorn RT-Claw versions through 0.2.0. The issue resides in the 'receiver_thread' function within 'claw/services/swarm/swarm.c', specifically related to the 'http_request' component. This vulnerability allows remote attackers to manipulate requests that the server processes, potentially accessing internal resources or loopback addresses.

Impact

Exploitation of this vulnerability allows an attacker to send requests to internal HTTP endpoints or loopback addresses, bypassing network restrictions. The response from these requests is then exfiltrated back to the attacker via the same RPC channel, making this a direct SSRF vulnerability with response leakage.

Reproduction

The vulnerability can be reproduced by sending an unauthenticated UDP packet to the RT-Claw swarm RPC service. This packet can include a JSON payload that specifies a URL targeting an internal or loopback HTTP resource. Once the RT-Claw application processes this request, it will fetch the specified URL without proper validation, allowing access to restricted endpoints. The response can then be returned through the RPC channel, demonstrating the SSRF exploitation.

Added: Jul 18, 2026, 5:24 PM
Updated: Jul 18, 2026, 5:24 PM

Vulnerability Rating

Custom Algorithm
spread
0.0
impact
0.6
exploitability
8.2
remediation
0.0
relevance
10.0
threat
6.4
urgency
2.9
incentive
4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.