CVE-2026-10219
nextlevelbuilder GoClaw write_file Tool fsbridge.go FsBridge.WriteFile os command injection
CVSS Score
7.3
EPSS Score
0.0%
EPSS Percentile
0th
A vulnerability was found in nextlevelbuilder GoClaw up to 3.11.3. This impacts the function FsBridge.WriteFile of the file internal/sandbox/fsbridge.go of the component write_file Tool. Performing a manipulation results in os command injection. The attack is possible to be carried out remotely. The exploit has been made public and could be used. The pull request to fix this issue awaits acceptance.
| CWE | CWE-78 CWE-77 |
| Vendor | nextlevelbuilder |
| Product | goclaw |
| Published | Jun 1, 2026 |
| Last Updated | Jun 1, 2026 |
Stay Ahead of the Next One
Get instant alerts for nextlevelbuilder goclaw
Be the first to know when new high vulnerabilities affecting nextlevelbuilder goclaw are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
nextlevelbuilder / GoClaw
3.11.0 3.11.1 3.11.2 3.11.3
References
vuldb.com: https://vuldb.com/vuln/367498 vuldb.com: https://vuldb.com/vuln/367498/cti vuldb.com: https://vuldb.com/cve/CVE-2026-10219 vuldb.com: https://vuldb.com/submit/821939 github.com: https://github.com/nextlevelbuilder/goclaw/issues/1121 github.com: https://github.com/nextlevelbuilder/goclaw/pull/1155 github.com: https://github.com/nextlevelbuilder/goclaw/
Credits
๐ Eric-b (VulDB User) VulDB CNA Team