106 matches found
EUVD-2026-45377
A vulnerability was determined in nextlevelbuilder GoClaw up to 3.13.3-beta.3. This impacts the function matchesAllowlist/extractBin of the file internal/tools/execapproval.go. Executing a manipulation can lead to incorrectly-resolved name. The attack may be performed from remote. The exploit has...
EUVD-2026-45378
A vulnerability was found in nextlevelbuilder GoClaw up to 3.13.2. This affects the function RequestApproval of the file internal/tools/execapproval.go of the component WebSocket Approval Endpoint. Performing a manipulation results in incorrect authorization. The attack is possible to be carried...
EUVD-2026-45382
A vulnerability was identified in nextlevelbuilder GoClaw up to 3.13.2. Affected is the function isSafeBin of the file internal/tools/execapproval.go. The manipulation leads to improper authorization. It is possible to initiate the attack remotely. The exploit is publicly available and might be...
EUVD-2026-45384
A weakness has been identified in nextlevelbuilder GoClaw up to 3.13.2. Affected by this issue is the function ToolsInvokeHandler.ServeHTTP of the file internal/http/toolsinvoke.go of the component Invoke Endpoint. This manipulation causes missing authorization. The attack can be initiated...
CVE-2026-16124
The CVE concerns nextlevelbuilder GoClaw (up to version 3.15.0-beta.32) where the CheckSSRF/isPrivateIP function in web_fetch/internal/tools/web_shared.go enables server-side request forgery. Remote exploitation is possible and the exploit has been publicly disclosed. A fix is available in versio...
CVE-2026-16123
The vulnerability CVE-2026-16123 affects nextlevelbuilder GoClaw up to version 3.13.2. It resides in ToolsInvokeHandler.ServeHTTP (internal/http/tools_invoke.go, Invoke Endpoint) and is caused by a manipulation that leads to missing authorization. This allows remote exploitation, with a public ex...
CVE-2026-16122
Nextlevelbuilder GoClaw up to 3.13.2 is affected by CVE-2026-16122. The vulnerability is in extractBin/RequestApproval/matchesAllowlist of internal/tools/exec_approval.go and allows manipulation that results in incorrect authorization. The exploit has been released publicly and may be used for at...
CVE-2026-16120
A vulnerability was determined in nextlevelbuilder GoClaw up to 3.13.3-beta.3. This impacts the function matchesAllowlist/extractBin of the file internal/tools/execapproval.go. Executing a manipulation can lead to incorrectly-resolved name. The attack may be performed from remote. The exploit has...
CVE-2026-16119
A vulnerability was found in nextlevelbuilder GoClaw up to 3.13.2. This affects the function RequestApproval of the file internal/tools/execapproval.go of the component WebSocket Approval Endpoint. Performing a manipulation results in incorrect authorization. The attack is possible to be carried...
CVE-2026-16121
GoClaw (nextlevelbuilder) vulnerable up to version 3.13.2 due to a flaw in isSafeBin (internal/tools/exec_approval.go / internal/tools/exec approval.go) that enables improper authorization. The issue can be triggered remotely and a public exploit exists; no remediation details are provided in the...
CVE-2026-16120 nextlevelbuilder GoClaw exec_approval.go extractBin name resolution
A vulnerability was determined in nextlevelbuilder GoClaw up to 3.13.3-beta.3. This impacts the function matchesAllowlist/extractBin of the file internal/tools/execapproval.go. Executing a manipulation can lead to incorrectly-resolved name. The attack may be performed from remote. The exploit has...
CVE-2026-16120
CVE-2026-16120 affects nextlevelbuilder GoClaw up to version 3.13.3-beta.3. The vulnerability targets the function matchesAllowlist/extractBin in internal/tools/exec_approval.go, where manipulation can cause an incorrectly-resolved name. The attack can be performed remotely, and public exploitati...
CVE-2026-16120
A vulnerability was determined in nextlevelbuilder GoClaw up to 3.13.3-beta.3. This impacts the function matchesAllowlist/extractBin of the file internal/tools/execapproval.go. Executing a manipulation can lead to incorrectly-resolved name. The attack may be performed from remote. The exploit has...
CVE-2026-16119 nextlevelbuilder GoClaw WebSocket Approval Endpoint exec_approval.go RequestApproval authorization
A vulnerability was found in nextlevelbuilder GoClaw up to 3.13.2. This affects the function RequestApproval of the file internal/tools/execapproval.go of the component WebSocket Approval Endpoint. Performing a manipulation results in incorrect authorization. The attack is possible to be carried...
CVE-2026-16119
CVE-2026-16119 affects nextlevelbuilder GoClaw up to 3.13.2, specifically the WebSocket Approval Endpoint’s internal/tools/exec_approval.go, function RequestApproval. A manipulation can cause incorrect authorization, and the attack can be carried out remotely. The exploit has been made public, wi...
CVE-2026-16119
A vulnerability was found in nextlevelbuilder GoClaw up to 3.13.2. This affects the function RequestApproval of the file internal/tools/execapproval.go of the component WebSocket Approval Endpoint. Performing a manipulation results in incorrect authorization. The attack is possible to be carried...
CVE-2026-15627
A vulnerability was identified in nextlevelbuilder GoClaw up to 3.13.3-beta.3. This vulnerability affects the function handleNavigate of the file pkg/browser/tool.go. Such manipulation of the argument args.targetUrl leads to information disclosure. The attack may be performed from remote. The...
CVE-2026-15626
A vulnerability was determined in nextlevelbuilder GoClaw 3.13.3-beta.3. This affects the function writeFile of the file internal/providers/acp/toolbridge.go of the component ACP ToolBridge Workspace Handler. This manipulation causes path traversal. The attack is possible to be carried out...
CVE-2026-15627
A vulnerability was identified in nextlevelbuilder GoClaw up to 3.13.3-beta.3. This vulnerability affects the function handleNavigate of the file pkg/browser/tool.go. Such manipulation of the argument args.targetUrl leads to information disclosure. The attack may be performed from remote. The...
EUVD-2026-43616
A vulnerability was identified in nextlevelbuilder GoClaw up to 3.13.3-beta.3. This vulnerability affects the function handleNavigate of the file pkg/browser/tool.go. Such manipulation of the argument args.targetUrl leads to information disclosure. The attack may be performed from remote. The...