PT-2026-60962 · Nextlevelbuilder · Goclaw

·

CVE-2026-16119

·

Published

2026-07-18

·

Updated

2026-07-18

CVSS v2.0

6.5

Medium

VectorAV:N/AC:L/Au:S/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions nextlevelbuilder GoClaw versions prior to 3.13.3
Description An incorrect authorization issue exists in the WebSocket Approval Endpoint. A remote attacker can manipulate the RequestApproval() function within the internal/tools/exec approval.go file to bypass authorization mechanisms.
Recommendations Update nextlevelbuilder GoClaw to version 3.13.3 or later. As a temporary mitigation, restrict access to the WebSocket Approval Endpoint to minimize the risk of exploitation.

Exploit

Fix

Incorrect Authorization

Improper Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-16119

Affected Products

Goclaw