CVE-2026-16124
nextlevelbuilder GoClaw web_fetch web_shared.go isPrivateIP server-side request forgery
CVSS Score
6.3
EPSS Score
0.0%
EPSS Percentile
0th
A security vulnerability has been detected in nextlevelbuilder GoClaw up to 3.15.0-beta.32. This affects the function CheckSSRF/isPrivateIP of the file internal/tools/web_shared.go of the component web_fetch. Such manipulation leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. Upgrading to version 3.15.0-beta.33 is able to mitigate this issue. The name of the patch is 12a0168271827650ddb0026d6277fbadf3dcf3ea. Upgrading the affected component is recommended.
| CWE | CWE-918 |
| Vendor | nextlevelbuilder |
| Product | goclaw |
| Published | Jul 18, 2026 |
Stay Ahead of the Next One
Get instant alerts for nextlevelbuilder goclaw
Be the first to know when new medium vulnerabilities affecting nextlevelbuilder goclaw are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
nextlevelbuilder / GoClaw
3.15.0-beta.0 3.15.0-beta.1 3.15.0-beta.2 3.15.0-beta.3 3.15.0-beta.4 3.15.0-beta.5 3.15.0-beta.6 3.15.0-beta.7 3.15.0-beta.8 3.15.0-beta.9 3.15.0-beta.10 3.15.0-beta.11 3.15.0-beta.12 3.15.0-beta.13 3.15.0-beta.14 3.15.0-beta.15 3.15.0-beta.16 3.15.0-beta.17 3.15.0-beta.18 3.15.0-beta.19 3.15.0-beta.20 3.15.0-beta.21 3.15.0-beta.22 3.15.0-beta.23 3.15.0-beta.24 3.15.0-beta.25 3.15.0-beta.26 3.15.0-beta.27 3.15.0-beta.28 3.15.0-beta.29 3.15.0-beta.30 3.15.0-beta.31 3.15.0-beta.32
References
vuldb.com: https://vuldb.com/vuln/379833 vuldb.com: https://vuldb.com/vuln/379833/cti vuldb.com: https://vuldb.com/cve/CVE-2026-16124 vuldb.com: https://vuldb.com/submit/856858 github.com: https://github.com/nextlevelbuilder/goclaw/issues/1218 github.com: https://github.com/nextlevelbuilder/goclaw/pull/1269 github.com: https://github.com/nextlevelbuilder/goclaw/commit/12a0168271827650ddb0026d6277fbadf3dcf3ea github.com: https://github.com/nextlevelbuilder/goclaw/releases/tag/v3.15.0-beta.33 github.com: https://github.com/nextlevelbuilder/goclaw/
Credits
๐ Eric-g (VulDB User)