CVE-2026-10217
MEDIUMnextlevelbuilder GoClaw RoleAdmin Gateway tts_config.go handleSave privileges management
Title source: cnaDescription
A flaw has been found in nextlevelbuilder GoClaw up to 3.11.3. The impacted element is the function handleSave of the file internal/http/tts_config.go of the component RoleAdmin Gateway. This manipulation causes improper privilege management. Remote exploitation of the attack is possible. The exploit has been published and may be used. The project tagged the reported issue as bug.
References (6)
Core 6
Core References
Vdb Entry, Technical Description vdb-entry
technical-description
VDB-367496 | nextlevelbuilder GoClaw RoleAdmin Gateway tts_config.go handleSave privileges management
https://vuldb.com/vuln/367496
Signature, Permissions Required signature
permissions-required
VDB-367496 | CTI Indicators (IOB, IOC, TTP, IOA)
https://vuldb.com/vuln/367496/cti
Third Party Advisory third-party-advisory
CVE-2026-10217 | CVE Analysis and Report
https://vuldb.com/cve/CVE-2026-10217
Third Party Advisory third-party-advisory
Submit #821937 | nextlevelbuilder goclaw <= 3.11.3 Improper Privilege Management (CWE-269)
https://vuldb.com/submit/821937
Exploit exploit
issue-tracking
https://github.com/nextlevelbuilder/goclaw/issues/1118
Product product
https://github.com/nextlevelbuilder/goclaw/
Scores
CVSS v3
6.3
EPSS
0.0021
EPSS Percentile
11.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-266
CWE-269
Status
published
Products (4)
nextlevelbuilder/GoClaw
3.11.0
nextlevelbuilder/GoClaw
3.11.1
nextlevelbuilder/GoClaw
3.11.2
nextlevelbuilder/GoClaw
3.11.3
Published
Jun 01, 2026
Tracked Since
Jun 01, 2026