← Back to CVE List
CVE-2026-16120NVD
Vulnerability Summary
A vulnerability was determined in nextlevelbuilder GoClaw up to 3.13.3-beta.3. This impacts the function matchesAllowlist/extractBin of the file internal/tools/exec_approval.go. Executing a manipulation can lead to incorrectly-resolved name. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized.
CVSS v3.1 Base Metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityLow
IntegrityLow
AvailabilityLow
External References
- https://vuldb.com/vuln/379829
- https://vuldb.com/vuln/379829/cti
- https://vuldb.com/cve/CVE-2026-16120
- https://vuldb.com/submit/856826
- https://github.com/nextlevelbuilder/goclaw/issues/1213
- https://github.com/nextlevelbuilder/goclaw/issues/1213#issuecomment-4760246569
- https://github.com/nextlevelbuilder/goclaw/