Improper Authorization in GoClaw by Nextlevelbuilder
CVE-2026-16121
Key Information:
- Vendor
Nextlevelbuilder
- Status
- Vendor
- CVE Published:
- 18 July 2026
Badges
What is CVE-2026-16121?
A vulnerability has been discovered in GoClaw by Nextlevelbuilder, affecting version 3.13.2. This issue is centered around the isSafeBin function in the internal/tools/exec_approval.go file. Due to improper authorization handling, attackers can exploit this vulnerability remotely, leading to unauthorized access. With exploits already publicly available, users of this software should take immediate actions to mitigate risks. Ensure that you stay informed about updates and follow best security practices to protect your systems.
Affected Version(s)
GoClaw 3.13.0
GoClaw 3.13.1
GoClaw 3.13.2
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved
