PT-2026-57952 · Nextlevelbuilder · Goclaw

Eric-B

·

Publicado

2026-07-14

·

Atualizado

2026-07-14

·

CVE-2026-15624

CVSS v3.1

6.3

Média

VetorAV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
A vulnerability has been found in nextlevelbuilder GoClaw 3.13.3-beta.3. Affected by this vulnerability is the function bytePlusDownloadVideo of the file internal/tools/create video byteplus.go of the component invoke Endpoint. The manipulation of the argument output.video url leads to server-side request forgery. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.

Exploit

Correção

SSRF

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

Enumeração de Fraquezas

Identificadores relacionados

CVE-2026-15624

Produtos afetados

Goclaw