PT-2026-57953 · Nextlevelbuilder · Goclaw
Eric-B
·
Published
2026-07-14
·
Updated
2026-07-14
·
CVE-2026-15625
CVSS v2.0
6.5
Medium
| Vector | AV:N/AC:L/Au:S/C:P/I:P/A:P |
A vulnerability was found in nextlevelbuilder GoClaw 3.11.3. Affected by this issue is the function ExecApprovalManager.CheckCommand of the file internal/tools/exec approval.go. The manipulation results in incomplete blacklist. The attack can be executed remotely. The exploit has been made public and could be used.
Exploit
Fix
Incomplete List of Disallowed Inputs
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Goclaw