← Back to CVE List
CVE-2026-16122NVD
Vulnerability Summary
A security flaw has been discovered in nextlevelbuilder GoClaw up to 3.13.2. Affected by this vulnerability is the function extractBin/RequestApproval/matchesAllowlist of the file internal/tools/exec_approval.go. The manipulation results in incorrect authorization. The exploit has been released to the public and may be used for attacks.
CVSS v3.1 Base Metrics
Attack VectorAdjacent
Attack ComplexityLow
Privileges RequiredHigh
User InteractionNone
ScopeUnchanged
ConfidentialityLow
IntegrityLow
AvailabilityLow
External References
- https://vuldb.com/vuln/379831
- https://vuldb.com/vuln/379831/cti
- https://vuldb.com/cve/CVE-2026-16122
- https://vuldb.com/submit/856856
- https://github.com/nextlevelbuilder/goclaw/issues/1216
- https://github.com/nextlevelbuilder/goclaw/issues/1216#issuecomment-4760050291
- https://github.com/nextlevelbuilder/goclaw/