Authorization Flaw in nextlevelbuilder GoClaw WebSocket RPC
CVE-2026-14716
Key Information:
- Vendor: Nextlevelbuilder
- Status
- Vendor
- CVE Published: 5 July 2026
What is CVE-2026-14716?
A security flaw has been identified in the WebSocket RPC handler of nextlevelbuilder's GoClaw, specifically in the MethodRouter.Handle function of router.go. The flaw results in incorrect authorization and may allow a remote attacker to manipulate access controls. The issue has been publicly disclosed and was reported to the project team ahead of time, so users of the affected versions should address it without delay.
Affected Version(s)
GoClaw 3.13.0-beta.0
GoClaw 3.13.0-beta.1
GoClaw 3.13.0-beta.2
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that a vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.
Timeline
- Public PoC available
- Exploit known to exist
- Vulnerability published
- Vulnerability Reserved
