๐Ÿ” CVE Alert

CVE-2026-16199

MEDIUM 6.3

nextlevelbuilder GoClaw credentialed_exec.go ExecTool.Execute improper authorization

CVSS Score
6.3
EPSS Score
0.0%
EPSS Percentile
0th

A flaw has been found in nextlevelbuilder GoClaw up to 3.13.3-beta.3. This affects the function ExecTool.Execute of the file goclaw/internal/tools/credentialed_exec.go. Executing a manipulation can lead to improper authorization. The attack may be launched remotely. The exploit has been published and may be used.

CWE CWE-285 CWE-266
Vendor nextlevelbuilder
Product goclaw
Published Jul 19, 2026
Stay Ahead of the Next One

Get instant alerts for nextlevelbuilder goclaw

Be the first to know when new medium vulnerabilities affecting nextlevelbuilder goclaw are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:C
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability

Affected Versions

nextlevelbuilder / GoClaw
3.13.3-beta.0 3.13.3-beta.1 3.13.3-beta.2 3.13.3-beta.3

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
vuldb.com: https://vuldb.com/vuln/380015 vuldb.com: https://vuldb.com/vuln/380015/cti vuldb.com: https://vuldb.com/cve/CVE-2026-16199 vuldb.com: https://vuldb.com/submit/857621 github.com: https://github.com/nextlevelbuilder/goclaw/issues/1215 github.com: https://github.com/nextlevelbuilder/goclaw/issues/1215#issuecomment-4760153807 github.com: https://github.com/nextlevelbuilder/goclaw/

Credits

๐Ÿ” Eric-x (VulDB User)