Information Disclosure Vulnerability in nextlevelbuilder GoClaw
CVE-2026-15627
Key Information:
- Vendor
Nextlevelbuilder
- Status
- Vendor
- CVE Published:
- 14 July 2026
Badges
What is CVE-2026-15627?
A vulnerability in the GoClaw tool from nextlevelbuilder may allow for information disclosure due to improper handling of navigation parameters within the handleNavigate function. Specifically, manipulation of the args.targetUrl argument can facilitate unauthorized remote access to sensitive information. An exploit for this vulnerability is publicly available, making it imperative for users to assess their exposure and take necessary precautions.
Affected Version(s)
GoClaw 3.13.3-beta.0
GoClaw 3.13.3-beta.1
GoClaw 3.13.3-beta.2
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved
