← Back to CVE List
CVE-2026-16123NVD
Vulnerability Summary
A weakness has been identified in nextlevelbuilder GoClaw up to 3.13.2. Affected by this issue is the function ToolsInvokeHandler.ServeHTTP of the file internal/http/tools_invoke.go of the component Invoke Endpoint. This manipulation causes missing authorization. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks.
CVSS v3.1 Base Metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityLow
IntegrityLow
AvailabilityLow
External References
- https://vuldb.com/vuln/379832
- https://vuldb.com/vuln/379832/cti
- https://vuldb.com/cve/CVE-2026-16123
- https://vuldb.com/submit/856857
- https://github.com/nextlevelbuilder/goclaw/issues/1217
- https://github.com/nextlevelbuilder/goclaw/issues/1217#issuecomment-4759982122
- https://github.com/nextlevelbuilder/goclaw/