๐Ÿ” CVE Alert

CVE-2026-16124

MEDIUM 6.3

nextlevelbuilder GoClaw web_fetch web_shared.go isPrivateIP server-side request forgery

CVSS Score
6.3
EPSS Score
0.0%
EPSS Percentile
0th

A security vulnerability has been detected in nextlevelbuilder GoClaw up to 3.15.0-beta.32. This affects the function CheckSSRF/isPrivateIP of the file internal/tools/web_shared.go of the component web_fetch. Such manipulation leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. Upgrading to version 3.15.0-beta.33 is able to mitigate this issue. The name of the patch is 12a0168271827650ddb0026d6277fbadf3dcf3ea. Upgrading the affected component is recommended.

CWE CWE-918
Vendor nextlevelbuilder
Product goclaw
Published Jul 18, 2026
Stay Ahead of the Next One

Get instant alerts for nextlevelbuilder goclaw

Be the first to know when new medium vulnerabilities affecting nextlevelbuilder goclaw are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability

Affected Versions

nextlevelbuilder / GoClaw
3.15.0-beta.0 3.15.0-beta.1 3.15.0-beta.2 3.15.0-beta.3 3.15.0-beta.4 3.15.0-beta.5 3.15.0-beta.6 3.15.0-beta.7 3.15.0-beta.8 3.15.0-beta.9 3.15.0-beta.10 3.15.0-beta.11 3.15.0-beta.12 3.15.0-beta.13 3.15.0-beta.14 3.15.0-beta.15 3.15.0-beta.16 3.15.0-beta.17 3.15.0-beta.18 3.15.0-beta.19 3.15.0-beta.20 3.15.0-beta.21 3.15.0-beta.22 3.15.0-beta.23 3.15.0-beta.24 3.15.0-beta.25 3.15.0-beta.26 3.15.0-beta.27 3.15.0-beta.28 3.15.0-beta.29 3.15.0-beta.30 3.15.0-beta.31 3.15.0-beta.32

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
vuldb.com: https://vuldb.com/vuln/379833 vuldb.com: https://vuldb.com/vuln/379833/cti vuldb.com: https://vuldb.com/cve/CVE-2026-16124 vuldb.com: https://vuldb.com/submit/856858 github.com: https://github.com/nextlevelbuilder/goclaw/issues/1218 github.com: https://github.com/nextlevelbuilder/goclaw/pull/1269 github.com: https://github.com/nextlevelbuilder/goclaw/commit/12a0168271827650ddb0026d6277fbadf3dcf3ea github.com: https://github.com/nextlevelbuilder/goclaw/releases/tag/v3.15.0-beta.33 github.com: https://github.com/nextlevelbuilder/goclaw/

Credits

๐Ÿ” Eric-g (VulDB User)