PT-2026-60977 · Princezuda · Safestclaw

·

CVE-2026-16129

·

Published

2026-07-18

·

Updated

2026-07-18

CVSS v2.0

4.3

Medium

VectorAV:L/AC:L/Au:S/C:P/I:P/A:P
A vulnerability has been found in princezuda SafestClaw up to 4.2.4. This vulnerability affects the function ShellAction. validate command of the file src/safestclaw/actions/shell.py of the component Built-in Web Interface. Such manipulation leads to incomplete blacklist. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The presence of this vulnerability remains uncertain at this time. The project maintainer explains: "On paper you're correct, this is a vulnerability. In practice, nothing your AI generated shows how it makes users vulnerable. It's open source. Someone can mod the shell allow list or remove that system. Present an actual poc that shows a threat to users."

Exploit

Fix

Incomplete List of Disallowed Inputs

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-16129

Affected Products

Safestclaw