CVE-2026-10616
MEDIUMnextlevelbuilder GoClaw Team Task Completion team_tasks_lifecycle.go TeamTasksTool.executeComplete authorization
Title source: cnaDescription
A weakness has been identified in nextlevelbuilder GoClaw up to 3.11.3. The impacted element is the function TeamTasksTool.executeComplete of the file internal/tools/team_tasks_lifecycle.go of the component Team Task Completion Handler. Executing a manipulation can lead to missing authorization. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks. The project tagged the reported issue as bug.
References (6)
Core 6
Core References
Vdb Entry, Technical Description vdb-entry
technical-description
VDB-367925 | nextlevelbuilder GoClaw Team Task Completion team_tasks_lifecycle.go TeamTasksTool.executeComplete authorization
https://vuldb.com/vuln/367925
Signature, Permissions Required signature
permissions-required
VDB-367925 | CTI Indicators (IOB, IOC, IOA)
https://vuldb.com/vuln/367925/cti
Third Party Advisory third-party-advisory
CVE-2026-10616 | CVE Analysis and Report
https://vuldb.com/cve/CVE-2026-10616
Third Party Advisory third-party-advisory
Submit #829420 | nextlevelbuilder GoClaw <= 3.11.3 Missing Authorization (CWE-862)
https://vuldb.com/submit/829420
Exploit exploit
issue-tracking
https://github.com/nextlevelbuilder/goclaw/issues/1133
Product product
https://github.com/nextlevelbuilder/goclaw/
Scores
CVSS v3
4.3
EPSS
0.0021
EPSS Percentile
10.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-862
CWE-863
Status
published
Products (4)
nextlevelbuilder/GoClaw
3.11.0
nextlevelbuilder/GoClaw
3.11.1
nextlevelbuilder/GoClaw
3.11.2
nextlevelbuilder/GoClaw
3.11.3
Published
Jun 02, 2026
Tracked Since
Jun 03, 2026