๐Ÿ” CVE Alert

CVE-2026-16129

MEDIUM 5.3

princezuda SafestClaw Built-in Web shell.py ShellAction._validate_command incomplete blacklist

CVSS Score
5.3
EPSS Score
0.0%
EPSS Percentile
0th

A vulnerability has been found in princezuda SafestClaw up to 4.2.4. This vulnerability affects the function ShellAction._validate_command of the file src/safestclaw/actions/shell.py of the component Built-in Web Interface. Such manipulation leads to incomplete blacklist. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The presence of this vulnerability remains uncertain at this time. The project maintainer explains: "On paper you're correct, this is a vulnerability. In practice, nothing your AI generated shows how it makes users vulnerable. It's open source. Someone can mod the shell allow list or remove that system. Present an actual poc that shows a threat to users."

CWE CWE-184 CWE-183
Vendor princezuda
Product safestclaw
Published Jul 18, 2026
Stay Ahead of the Next One

Get instant alerts for princezuda safestclaw

Be the first to know when new medium vulnerabilities affecting princezuda safestclaw are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability

Affected Versions

princezuda / SafestClaw
4.2.0 4.2.1 4.2.2 4.2.3 4.2.4

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
vuldb.com: https://vuldb.com/vuln/379845 vuldb.com: https://vuldb.com/vuln/379845/cti vuldb.com: https://vuldb.com/cve/CVE-2026-16129 vuldb.com: https://vuldb.com/submit/856882 github.com: https://github.com/princezuda/safestclaw/issues/59 github.com: https://github.com/princezuda/safestclaw/

Credits

๐Ÿ” Eric-x (VulDB User) VulDB CNA Team