PT-2026-45249 · Nextlevelbuilder · Goclaw

Eric-B · Published 2026-06-01 · Updated 2026-06-01 · CVE-2026-10217

CVSS v2.0: 6.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

nextlevelbuilder GoClaw versions prior to 3.11.4

Description

A flaw in the RoleAdmin Gateway component allows for improper privilege management. The issue is in the handleSave() function in the internal/http/tts config.go file and can be exploited remotely.

Recommendations

Update to a version later than 3.11.3. As a temporary workaround, restrict access to the handleSave() function in the internal/http/tts config.go file to minimize the risk of exploitation.

Incorrect Privilege Assignment

Improper Privilege Management

Weakness Enumeration

Related Identifiers

CVE-2026-10217

Affected Products

Goclaw