No advisories yet.
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
Sat, 18 Jul 2026 17:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A vulnerability has been found in princezuda SafestClaw up to 4.2.4. This vulnerability affects the function ShellAction._validate_command of the file src/safestclaw/actions/shell.py of the component Built-in Web Interface. Such manipulation leads to incomplete blacklist. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The presence of this vulnerability remains uncertain at this time. The project maintainer explains: "On paper you're correct, this is a vulnerability. In practice, nothing your AI generated shows how it makes users vulnerable. It's open source. Someone can mod the shell allow list or remove that system. Present an actual poc that shows a threat to users." | |
| Title | princezuda SafestClaw Built-in Web shell.py ShellAction._validate_command incomplete blacklist | |
| First Time appeared |
Princezuda
Princezuda safestclaw |
|
| Weaknesses | CWE-183 CWE-184 |
|
| CPEs | cpe:2.3:a:princezuda:safestclaw:*:*:*:*:*:*:*:* | |
| Vendors & Products |
Princezuda
Princezuda safestclaw |
|
| References |
| |
| Metrics |
cvssV2_0
|
Projects
Sign in to view the affected projects.
Status: PUBLISHED
Assigner: VulDB
Published:
Updated: 2026-07-18T17:00:09.200Z
Reserved: 2026-07-17T16:13:27.659Z
Link: CVE-2026-16129
No data.
No data.
No data.
OpenCVE Enrichment
No data.