A vulnerability has been found in princezuda SafestClaw up to 4.2.4. This vulnerability affects the function ShellAction._validate_command of the file src/safestclaw/actions/shell.py of the component Built-in Web Interface. Such manipulation leads to incomplete blacklist. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The presence of this vulnerability remains uncertain at this time. The project maintainer explains: "On paper you're correct, this is a vulnerability. In practice, nothing your AI generated shows how it makes users vulnerable. It's open source. Someone can mod the shell allow list or remove that system. Present an actual poc that shows a threat to users."
Metrics
Affected Vendors & Products
References
History
Sat, 18 Jul 2026 17:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A vulnerability has been found in princezuda SafestClaw up to 4.2.4. This vulnerability affects the function ShellAction._validate_command of the file src/safestclaw/actions/shell.py of the component Built-in Web Interface. Such manipulation leads to incomplete blacklist. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The presence of this vulnerability remains uncertain at this time. The project maintainer explains: "On paper you're correct, this is a vulnerability. In practice, nothing your AI generated shows how it makes users vulnerable. It's open source. Someone can mod the shell allow list or remove that system. Present an actual poc that shows a threat to users." | |
| Title | princezuda SafestClaw Built-in Web shell.py ShellAction._validate_command incomplete blacklist | |
| First Time appeared |
Princezuda
Princezuda safestclaw |
|
| Weaknesses | CWE-183 CWE-184 |
|
| CPEs | cpe:2.3:a:princezuda:safestclaw:*:*:*:*:*:*:*:* | |
| Vendors & Products |
Princezuda
Princezuda safestclaw |
|
| References |
| |
| Metrics |
cvssV2_0
|
Status: PUBLISHED
Assigner: VulDB
Published:
Updated: 2026-07-18T17:00:09.200Z
Reserved: 2026-07-17T16:13:27.659Z
Link: CVE-2026-16129
No data.
No data.
No data.
OpenCVE Enrichment
No data.