PT-2026-60979 · Nearai · Ironclaw

·

CVE-2026-16130

·

Published

2026-07-18

·

Updated

2026-07-18

CVSS v2.0

3.2

Low

VectorAV:L/AC:L/Au:S/C:N/I:P/A:P
A vulnerability was identified in nearai ironclaw up to 0.29.1. The affected element is the function validate path of the file src/tools/builtin/path utils.rs of the component write file. The manipulation leads to link following. Local access is required to approach this attack. The exploit is publicly available and might be used. The identifier of the patch is 369ff3d240cf3c0787b50e1e9f182e1a06c71255. It is recommended to apply a patch to fix this issue.

Exploit

Fix

Link Following

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-16130

Affected Products

Ironclaw